GDPR Regulation

GDPR Training for Employees – Security Awareness

Scenario-Based Security Awareness Training Teaches Users to Make Better Decisions – Proofpoint Essentials Security Awareness Training.

Employers need to take GDPR seriously and consider the implications of falling foul of GDPR. In particular, they need to be able to demonstrate they’ve taken steps to train their staff to an acceptable level for their role.

What is GDPR Awareness Training?

Since 2018, companies and organisations have had to comply with The General Data Protection Regulation (GDPR), a European data privacy regulation and EU law that was made to give individuals more control over how their data is collected, used, and safeguarded online. Failure to comply with this EU law can result in hefty fines. GDPR training has become of paramount importance for companies looking to learn what rules it needs to follow and what actions it needs to take to avoid violating the regulations.

Spambrella and Proofpoint

GDPR training is exactly what it sounds like; it is training for employees of companies and organisations, teaching them what to look out for and the best practices when it comes to data protection, so as to not risk staff, and therefore the organisation, breaking the rules unknowingly. After all, it’s up to the employer to ensure staff are aware of the best practices and rules of the General Data Protection Regulation.

Spambrella reported earlier in 2022 that one cybersecurity topic continues to be the top sore spot for employees: protecting confidential information. Our analysis of assessment and training data showed that end users incorrectly answered 25% of questions about the GDPR and other compliance-related subjects. (Average across all customers under Spambrella Managed Services (mSAT)- Proofpoint Essentials Security Awareness Training).

To help organizations close the GDPR knowledge gap, we now offer two interactive GDPR training modules within our education portfolio: the recently updated GDPR Overview module and a new GDPR in Action module. These two modules will help organizations’ HR Teams and Data Protection Officers educate employees about the GDPR, a critical need since end-users will be relied upon to protect the sensitive data of EU residents.

GDPR Overview

We first launched our GDPR Overview module a year ago in order to help organizations as they ramped up for GDPR enforcement. The new Proofpoint Security Awareness Training updates reflect the most recent interpretations of the GDPR, but as before, the GDPR training module offers an excellent way to introduce end users to the requirements of the regulation and the concept of data privacy. You can use this module to help employees understand why they need to be active participants in overall GDPR compliance.

GDPR in Action

Our new GDPR in Action module complements the GDPR Overview training by presenting more in-depth, action-oriented scenarios that challenge users to think about how the new regulation impacts their day-to-day business activities. This module is designed to minimize an organization’s risk of non-compliance with the regulation by making end users aware of the types of information that are protected under the GDPR and giving actionable advice on how to handle EU residents’ personal data.

GDPR in Action provides the following benefits:

  • It explores the concepts that are essential to the GDPR and how they affect organizations that hold and manage the personal data of EU residents.
  • It teaches end users what is considered personal data and how it can show up in unexpected places.
  • It leverages scenario-based training, giving end users thought-provoking situations to evaluate, with real-time feedback on their decisions.

Factor Employees Into Your Compliance Equation

In speaking about the GDPR and the release of the new GDPR in Action module, Holly Faulkner, our General Manager of Proofpoint Essentials SAT, stressed that employees must be factored into compliance-related activities leading up to and following the enforcement date. “The GDPR will bring monumental changes in the way the world handles the personal data of EU

Do All Employees Require GDPR training?

You may think that only those employees who regularly work in this area, such as IT Specialists or Data Protection Officers, require training to comply with the General Data Protection Regulations. However, any employee in the organisation could be at risk of causing a data breach, with this risk obviously increased if they’re unaware of key facts, such as what constitutes a data breach, or what best practices are when protecting data.

To be GDPR compliant, it is a requirement that companies and organisations show they are acting in accordance with the law throughout the organisation. Article 25 states that companies must have adequate controls to ensure compliance.

There’s a very good reason why all employees should have some form of training to comply with the legislation. A recent study found that 85% of data breaches involve the human element; employees are a major reason for data security concerns. As the ICO, the organisation responsible for implementing the GDPR in the UK, says, “Data protection is everyone’s responsibility, so you’ll need to provide training to everyone who works for you, including temporary staff and volunteers”.

GDPR Compliance Checklist

The GDPR will affect many organisations around the world—no matter where they’re based. And complying with the new rules will be no small feat.

Here’s a short GDPR checklist for addressing GDPR compliance:

  1. Know your data-protection directives and what data must be protected to stay compliant. This includes data of both customers and employees.
  2. Run a data protection impact assessment (DPIA) (Article 35). The DPIA looks at all touchpoints for an EU citizen’s protected data. This is independent of where data processing or storage occurs. The DPIA output should be a detailed risk assessment.
  3. Address the right to erasure, data portability, as well as breach detection and notification. This requires strong enterprise and organisational technical controls, procedures, and governance.
  4. If you have more than 250 employees, you may need a DPO (Data Privacy Officer), even if you’re based in the United States.
  5. Review all aspects of your data collection process including mailing lists and all channels where data is collected.
  6. Communicate the importance of compliance and GDPR across the organisation including marketing.
  7. Add consent forms on your website pages including a cookie notice that explains the ways cookies collect data and send data to third parties, if applicable.
  8. Create a verification process for users under 16. GDPR requires parent consent to collect and use data for children under 16.
  9. Validate country of residence so that you know if GDPR rules apply to specific users. Note that GDPR also considers IP address as personal data in some cases when it identifies an individual.
  10. Be prepared to notify regulators of a data breach within 72 hours after the organisation realises a compromise.

Automation and GDPR with Proofpoint Essentials Security Awareness

Spambrella has built a unique schedule that blends GDPR training with other data protection training modules. All of these modules are vital to your workforce and will help harden your employee security awareness. Spambrella is a dedicated distributor of Proofpoint Essentials, delivering best-of-breed managed services for customers of both Email Security and Security Awareness Training Services. With any level of training, the process can be a long one – Spambrella has designed a fun, gamified blend of educational videos and quizzes to get the best out of your team’s GDPR training and education experience.

Contact our helpful sales team today to set up a free and quick demonstration.

GDPR – Data Processing EU Data as a US Business

Spambrella – Trust & Privacy