The GDPR has brought with it numerous obligations for organizations and companies and has also brought many existing obligations back into consciousness. One of these duties is to regularly inform and train employees and other members of the organization on relevant topics of data protection and IT security. As a result, employees regularly attend data protection training courses and presumably endure them as best they can. That the training courses are seen more as an imposition or an opportunity to take a nap is primarily because the subject of data protection is not very popular with most people.
This is a shame, however, because the need to give employees the relevant information about data protection also offers an opportunity to sensitize them to the important aspects of IT security that affect everyone. In addition to the obligation to comply with the relevant regulations in the GDPR, for example to inform employees about the confidentiality obligation when handling personal data, data subject rights or data protection incidents, there is also the option to supplement this data protection training content with topics that are of great importance for a secure company with secure IT. Examples are secure passwords, the correct handling of phishing emails or the correct behavior in the event of a security incident. In this way, the tiresome topic of data protection training is used to improve one's own security.
Make data protection training interesting
Data protection training courses are particularly effective when they arouse the listeners' interest. You should therefore not settle for a boring data protection training course in which only dry content is conveyed. In order to reach the participants, they need to be confronted with topics and scenarios that they personally understand.
For example, you can show how easy it is to crack or guess the everyday passwords that are still used by a large proportion of people, or how easy it is to find out very personal things such as the school someone went to or the name of their pet. If you then mention how often such supposedly secret information is used in passwords, you will probably look into the faces of some participants who feel caught out.
Data protection training courses must be remembered
In order for data protection training measures to be effective and for what is said to "stick", the topics must also have a personal aspect for the participants. Experience has shown that a training course explaining how one can also be personally affected by cyber attacks or hackers, and how one can protect oneself from them, is much more interesting than the tenth circular asking people not to respond to attachments in phishing mails without explaining what phishing actually is. The factors that are important for the company's IT security are conveyed along the way. The same applies to data protection. Here, participants can be educated on topics relevant to them, such as the right to information. This gives them an effective means of combating annoying advertising calls and at the same time informs them about the right way to behave should a data subject ever come to them with a request for information from the company.
The topic of data protection also stands and falls with the way it is conveyed in data protection training courses. Attention should be paid to an appealing style of presentation, understandable language and sufficient time to explain the relationships, so that the topic reaches the target group and, in addition to fulfilling the training obligation, the optional extra of improving cyber security and reducing the risks from cyber attacks is also achieved.