Two other key areas in training should cover how employees handle personal data and how the data breach reporting process works. Personal data handling involves areas like secure disposal, secure storage, technical controls (e.g. access controls, passwords), physical security etc.
From a breach reporting aspect, it’s important that employees know incident reporting procedures and timeframes. They should be aware of what to do if they suspect a breach and who to contact.