Need for Data Protection Training - How E-learning Can Help?
Did you come across these recent news items?
Source: http://www.theguardian.com/healthcare-network/2011/sep/07/south-manchester-foundation-trust-ico-memory-stick-loss
What do these items have in common?
They are reports of data protection breaches and their consequences.
What is Data Protection?
Data protection refers to the process of ensuring that individual data is safe and protected by 'data controllers'. Data controllers are those entities or individuals who handle individual information.
Currently, each country in the European Union has its own Data Protection Authority, such as the Information Commissioner's Office (ICO) in the United Kingdom.
However, a draft General Data Protection Regulation (GDPR) has been passed by the European Parliament, and this unifies and simplifies data protection mechanisms across the 28 member states of the European Union (EU).
The draft regulation is likely to come into effect in 2015.
Once the GDPR has been finalized and becomes law, all European as well as non-European organizations functioning in the EU region will need to adhere to its guidelines.
What does this mean for organizations?
It becomes imperative for organizations to review their data processing policies and practices and align them with the new regulation.
What are the measures that organizations need to take to ensure compliance with GDPR?
Organizations need to have transparent and well laid out processes to handle data protection.
Good information governance should be adopted so that organizations can answer questions pertaining to data protection, such as the data classification scheme, ownership of company data, and who the data controllers within the organization are.
If organizations work with Cloud Service Providers and Data Processors, they need to review the contracts to incorporate the new guidelines.
Companies need to be mindful of the location of their cloud data and of the measures taken for data backup and encryption.
Organizations need to set up systems and procedures to secure consent before collecting and processing personal data.
Companies need to ensure that all employees handling individual data are trained effectively so that they conform to the norms laid down in the EU Data Protection regulation.
What happens in case of non-compliance?
Organizations can incur huge losses in terms of fines if found violating the Data Protection Act.
SOURCE: http://www.theguardian.com/technology/2013/jan/24/sony-fined-over-playstation-hack
http://www.theguardian.com/media-network/media-network-blog/2013/aug/19/nhs-surrey-data-breach-scandal
Organizations could face fines of up to 100 million euros or up to 5% of their worldwide turnover in case of breaches of the General Data Protection Regulation (GDPR).
What are the Key Principles of the General Data Protection Regulation (GDPR)?
The principle of lawful processing
Processing of personal data is lawful if it is in accordance with the law and pursues a legitimate purpose.
The principle of purpose specification and limitation
The need for data processing should be visibly defined and adhered to. Deviations require an additional legal basis.
Data quality principles
These provide guidelines on how data is to be handled and include the data relevance principle, the data accuracy principle and the limited retention of data principle.
The fair processing principle
This provides guidelines for transparency of processing. It also makes it mandatory to seek consent from individuals and gives individuals the right to access their data.
The principle of accountability
This spells out the need for organizations to implement measures that promote and safeguard data protection, and these measures can be subjected to audit by supervisory authorities.
Detailed study and training are needed to ensure that employees understand and enforce the new regulations.
How can organizations prepare their employees for the new data protection regulation?
Employees are often found to be the weakest link in the data protection process.
This is not usually because they are unaware of the rules and their responsibilities in this regard.
Very often, employees do not understand the implications of a data breach.
Employees need to be motivated and educated to reinforce the data protection processes and procedures of the organization.
This can be done through effective training that is directed towards providing information and creating awareness of the implications of a data breach.
What are the different types of data security that employees need to be aware of?
Physical Security
Information pertaining to workplace security, such as desks, rooms, and hard copies of data in file cabinets, etc.
Desktop Security
Focus on protecting computers from unauthorized access.
Password Security
Advice and training to set up a strong password and adopt secure practices.
Wireless Network Security
Security threats and safety mechanisms when using unsecured wireless networks.
Phishing
Deals with safeguarding personal information from unsafe network communications.
File Sharing
Responsibilities when handling internal data and sharing information with external personnel, temporary workers, etc.
What is the best method to train employees on data protection regulation?
All employees need to understand the importance of data protection to a certain extent.
There are many methods that one can adopt to provide data protection training. Organizations follow one or a combination of the following methods.
Face-to-face classroom training
It may not be viable if the number of employees to be trained is large, but it can be used for orientation or introduction by line managers.
E-learning
E-learning is a cost-effective and useful method to roll out enterprise-wide data protection security training within a short time.
Security awareness information posted on the intranet
While having this information is useful, it cannot function as a stand-alone method, as you cannot be sure that employees have visited the site and understood their responsibilities correctly.
Pushing helpful hints onto computers when they start up
This is a very helpful reinforcement strategy to enforce best practices.
E-mailing helpful hints on a weekly or monthly basis
This too is an excellent reinforcement strategy after training.
Using visual aids like posters, banners and infographics
These can be used as reminders and checklists at strategic locations in the organization.
How E-learning Provides Effective Data Protection Training to Your Employees
Provides flexibility and choice
Ensures employees complete the course at their convenience, when they are more receptive to the knowledge.
Ensures wider reach
Organizations can train more employees in less time, as courses can be developed and hosted on the LMS, which can be accessed by anyone.
Scenarios and case studies can be used to make the content relevant to on-the-job situations.
Assessments help to ensure accurate understanding
Employees can evaluate and test their understanding with formative and summative assessments.
Tracking and record-keeping of training administered is easy
Records of training can be made available to regulatory authorities easily when courses are deployed via an LMS.
Summary
Data protection training is important, and e-learning could be a viable, cost-effective method to ensure employees are trained smoothly and quickly.