With D-Day fast approaching, full GDPR readiness should almost be complete. But while procedures may have been addressed, does your staff really understand their role in the transition? Employee awareness is not only a key part of compliance, it can strengthen your organization’s long-term position, making initiating a dedicated programme a critical aspect.

A key condition of the GDPR is that employees are fully informed of their rights and responsibilities, the systems that have been introduced and the importance of compliance to the new protective regulations.

What is more, employees must be properly trained so as to minimize the chances of data breaches from within an organization. The popular belief is that hackers are the principal culprit for data theft and system breaches but, in fact, a high percentage of incidents are due to internal errors, like accidentally emailing files to unauthorized personnel.

In fact, figures revealed in the latest Breach Level Index show that accidental data loss, which comprises unintended losses like improper disposal and database misconfiguration, were behind the vast majority of breaches in 2017. Of the 2.6 billion records stolen or compromised over the 12-month period, accidental loss accounted for some 1.9 billion. It represented a 580% increase on the number lost in 2016.

According to Article 39 of the GDPR, Data Protection Officers (DPOs) must not only monitor regulatory compliance and manage all of the internal data protection activities, they are also obliged to “inform and advise the controller or the processor and the employees who carry out processing of their obligations”.

However, the chief reason behind building employee awareness is that new initiatives are more likely to be integrated smoothly and without disruption when personnel know each stage of the process.

Purpose Of The Employee Awareness Programme

The reason for offering an awareness programme is 4-fold:

• Identify the range of potential problems, both general and specific
• Provide employees with a clear understanding of the consequences of their actions
• Establish procedures that can be (and are) consistently adhered to
• Inform employees of the compliance requirements, not just for the GDPR, but also general cyber security, payment security standards (PCI DSS) and ISO.

3 Elements A Successful Employee Awareness Programme Includes:

1. Identify Areas To Improve – Employee awareness programmes should be focused on finding vulnerable areas of the business organization, while satisfying your key business objectives. The areas can relate to cost-efficiency, internal file storage, database protection, and in even enhancing your brand’s reputation.
2. Engage Your Employees – Training programmes and tutorials are often considered necessary but boring. If an initiative cannot hold participants’ attention, then it seriously compromises its effectiveness. So, it is extremely important that your programme engages so as to encourage the highest increase in awareness possible. Achieving this is easier if you understand what your staff respond to well, so it’s a good idea to include interactive activities, games and reward systems.
3. Offer Regular Refresher Programmes – Building employee awareness is an ongoing process, so it’s a good idea to include refresher or update courses as part of the overall programme. This will help to reinforce awareness, improve understanding and bring new recruits onboard more successfully.

At Kefron, we already offer a dedicated Employee Awareness Training programme, in partnership with Olive Media, to those who wish to arm their employees with the information needed to help achieve compliance. For more details, visit our webpage and contact us.