

Data Privacy Awareness Training
Affordable Training for Your Staff
WHEN DO YOU NEED PRIVACY TRAINING?
Data privacy awareness training is stipulated in Articles 39, 47 and 70 of the GDPR and in recitals of the newer (post-Brexit) GDPR-UK regulation. California legislation also requires it under its CCPA/CPRA acts of 2020/21, while HIPAA includes training requirements under 45 CFR § 164.530(b)(1) of the Privacy Rule. In short, staff involved in any processing of customer or health personal data are expected to be trained at least yearly on compliance obligations and privacy risks.
In addition to the regulations, privacy training is also required as a matter of common practice in the following cases:
- After a suspected / confirmed data privacy breach
- Onboarding of new hires (HR Process)
- For staff supporting high risk personal data processing operations
- For data protection officers, privacy managers, compliance staff
- To meet audit objectives & regulatory requests for proof of training
- For ISO27k / SOC2 certification as proof of compliance
The company's management is expected to ensure that awareness training is conducted regularly to meet compliance objectives.
If training is not conducted on a regular basis, regulators will take this into account when assessing the severity of fines in the event of a breach, and of course there is a much greater chance of a costly breach due to lack of awareness.
WHAT SHOULD I KNOW ABOUT DATA PRIVACY?
The scope of data privacy training is important. When undertaking training for your employees, you should factor in the following 10 key areas:
- The top reasons why companies are breached and fined today
- Types of personal data (PII) / ePHI
- Main data protection regulations and acts (GDPR, CCPA, HIPAA etc.)
- Existing company policies surrounding data privacy (handling access requests & incidents, media handling, direct marketing, data sharing etc.)
- How to prevent accidental data disclosure
- Common social engineering attacks
- Safeguarding personal and company devices
- Key customer/patient rights over their records
- Reporting an incident or complaint
- Review of common complaints cited in privacy cases (major class actions, breaches)