Data Protection Training: Why Only Bespoke Will be the Right Fit
Wendy Spires of data protection platform and consultancy Trace, explains why a bespoke approach to training is vital – but also how that can be a business-friendly version rather than an arduous effort.
There are a lot of generic GDPR courses out there. The quality, and pricing, is variable to say the least. I think a lot of programmes might have failed due to content which just isn’t relevant or engaging enough.
The broader point is that generic, off-the-peg training is never going to be the right fit. The fact is, not everyone finds data protection compliance compelling (shocking right!?) and if you don’t make training relevant to that person’s role and responsibilities right away, then really you are wasting your time. The content just won’t land.
Our bespoke approach to training is focused all around real-life scenarios at your organisation, using the processors and processors you deploy every day. This not only brings training to life; it also transforms these sessions into an opportunity to actually get things done too.
We believe Privacy by Design should extend to how organisations themselves are designed and that compliance should therefore be embedded right through every element of how the organisation conducts itself. Ideally, organisations should be working towards a vision where everyone ‘owns’ data protection compliance and can record new processes and document them properly on a diffuse basis.
Getting teams together for worked examples of how to carry out Data Protection Impact Assessments or teaching staff how they can get suppliers to fill in Processor Assessments for them using Trace are both powerful ways to help get you there.
‘Selling’ data protection compliance
A lot of training takes a hectoring tone, warning of the costs of non-compliance. That is one approach (and probably one best left to the more recalcitrant ‘hard cases’!). We prefer to take a more positive tone and focus on the business benefits that are readily accessible through following the principles of Privacy by Design. Again, a bespoke approach allows us to zero in on this ‘sell’.
We recently found, for instance, that a client’s marketing team was deleting far more than it needed to and was losing lots of valuable data by overshooting the mark. We showed the team how more precision in its consent and Data Subject Request processes allowed for more preservation of information collected.
Similarly, we helped another client working in a sensitive area to address privacy risks in a tightly documented fashion and then to use that as a selling point for new clients. Our conversations in training actually became the basis for sales scripts.
The key thing to remember is that everyone is exceptionally busy today and so there needs to be a clear benefit for every attendee at your data protection compliance, and that takes tailoring.
Team-specific sessions
We believe that the best results come from taking team sessions for data protection compliance training. Not only will the processes, legal landscape and regulations be very different for Human Resources as compared to Marketing, the types of data collected will be very different too.
IT teams warrant special consideration. Every new data processing activity the organisation engages in or processor it contracts with is likely to cross their desks, making IT teams an invaluable resource and a team which should be very well acquainted with their responsibilities.
Here again, knowledge of how that organisation really works technologically is required for training to really make sense. Perhaps more than anyone else, techies really hate having their time wasted.
Business-friendly bespoke
Of course, none of this is to say that training has to be started from scratch every time. There are ‘eternal truths’ that all your employees will need to be aware of and which represent a baseline of required knowledge. We have, for example, prepared an onboarding course for a global FinTech client so that they can ensure all their staff, including their team of data scientists are up to speed on good data management and privacy risk protocols before accessing secure environments. We also partner with WWF on Privacy by Design training. This is a prime example of where an organisation’s values need to be given due attention in training programmes and for us into the client's tone of voice when writing content.,
To go beyond baseline to where compliance delivers business benefits, the important thing is how you add relevant use cases on top. Rather than made to measure, our approach to training is to take off-the-peg and then make that package bespoke by tailoring our wealth of multimedia content to your needs and adding specific units in line with your aims. If you have specific examples you would like to work through, then so much the better.
That is business-friendly bespoke: the Trace methodology for making data protection compliance training relevant and engaging for your staff – and an effective use of time for everyone involved.
Can we help you build bespoke data governance and privacy training? Book a no obligation consultancy call to discuss your training project and objectives with us.