The ICO has today issued a checklist for data protection training in small to medium sized companies.
Data Protection Act?
Unfortunately the information you get relates to the 1998 Data Protection Act and not GDPR. It is obviously a pity that someone didn’t take the time to tweak the document and make it more relevant. However, as they say “it’s better than nothing”
Unfortunately the amount of information being passed out to small businesses at the moment is of poor value and I’m sure many of them are completely confused. (I work with GDPR every day and I still find some parts of it a little unclear).
There are now fewer than 220 days to the full bite of GDPR and many companies are still sticking their head in the sand, hoping that it will go away. It won’t. Companies need to start data protection training now – either by getting in qualified trainers or setting up their own internal courses.
Too many people think that GDPR doesn’t happen until May 2018. That just isn’t true. GDPR came into force April 2016 for goodness sake. It is already law – it’s only the fines that are not currently being enforced.
Companies need to enforce data protection training right now and ensure that quality data procedures are in place well before the deadline.
Getting data protection training right
Companies need to ensure that they don’t try to cover everything in one go when carrying out data protection training. It’s too complex to do that. Break it down into bite sized chunks. Deal with one area at a time. Ideally get one person professionally trained by someone who knows what they are talking about if you can’t afford to have the whole team trained. But make sure they pass it on.
Getting it wrong
Getting data protection training wrong will mean you may fall foul of the ICO. It may mean that you screw up GDPR and end up with a fine. It will almost certainly mean that you may lose face with your customers .
Start now. 220 days is not a long time.