News top

GDPR – Staff Awareness Training is mandatory?

A well-known fact in any security field is that people are usually the chink in the armour of any organisation. Whether the result of a mistake, lack of knowledge, or malicious intent, the human factor is reported to contribute to 52% of security incidents. It’s only logical to ask — why should you implement state-of-the-art IT security controls when it’s possible to bypass them using social engineering? Many see this as low hanging fruit, but that cuts both ways — while it’s difficult to have a perfect state of awareness and security among employees, it’s not that difficult to establish a basic level of awareness.


In the context of GDPR, employees are inevitably going to come in contact with user personal data, either for processing or in some other manner. While it is not the only topic covered by the GDPR, personal data security is an integral component of GDPR compliance. In order to eliminate a particularly vulnerable area of data security staff awareness is required.

While the GDPR is definitely not the most engaging topic for most people, it is not necessary for the trainings to be boring. They key is to develop awareness training that match the culture of the organisation. Methods can be either electronic or non-electronic, the former including things like eLearning, internal social media, emails, e-bulletins and latter - posters, trainings, games, etc. While electronic methods are more cost effective, things like emails and e-bulletins are easily ignored and eLearning can prove to be not engaging enough. Non-electronic methods, just by their tangible nature, offer more engagement, but also require more effort and resources – games and instructor-led trainings offered to appropriately sized audiences are engaging and efficient.

In its essence, GDPR is not a specific security framework but it does ask for a demonstration of adequate security measures. This means that promoting a culture that focuses on security by default by making use of trainings and other methods will not only strengthen the security of your organization but will also definitely benefit your long-term compliance with the GDPR and any security requirements to come. If you don’t know where to start, try GDPRQ – a GDPR gap analysis tool for your organization. The analysis will bring focus to the areas of your business that need attention, bringing clarity to complex topics while providing a detailed roadmap with actionable information. Get started today!


A honlap utolsó módosításának időpontja: 2019.03.08