Automatically Assign Training to Users Who Lack GDPR Knowledge
A quick online search of “GDPR news” reveals that, more than 100 days following the May 25 enforcement date of the General Data Protection Regulation (GDPR), new data privacy rules are having some far-reaching (if unexpected) consequences. From shareholders suing their own corporations over preparedness missteps and battles over the right to be forgotten, to medical tests being cancelled at the eleventh hour and restrictions around access to certain pieces of online content, organizations and consumers alike are adjusting to post-GDPR life.
Although (as of this writing) the first non-compliance fine has yet to be levied, with big-name data breaches happening and consumers more alert to their rights, it’s most certainly a case of “not if, but when.” And given that, two weeks after the GDPR enforcement date, nearly a third of organizations admitted that they were not GDPR ready — and more than half said they could use “an extra three months to get their house in order” — it seems that those “whens” could keep coming … and coming … and coming.
So the question is: Is your organization GDPR ready … or is readiness still a work in progress?
Don’t Dismiss the Role of End Users in GDPR Preparedness
GDPR readiness is, of course, a many-headed beast: data discovery, documentation, updating technical safeguards, applying encryption measures, and other activities are all part of the process. But one component of GDPR prep is often kicked down the road under the assumption that technologies and policies will be enough of a safety net. And that component is staff training.
The simple reality is that end-user mistakes can negatively impact security postures in general and GDPR compliance measures in particular. If you haven’t trained your end users about GDPR or you don’t have a good sense of how well they understand their role in maintaining compliance — or both — it’s well past the time to remedy those issues. The good news is that we can help you both assess knowledge and deliver training, all in one simple step.
Don’t Settle for Being Reactive – Get Proactive About End Users’ Understanding of GDPR Mandates
As part of our leading security awareness training offering, we’ve developed multiple tools related to GDPR that will help ensure your end users understand the most important parts of the regulation and the best practices they can apply to ensure they are meeting data privacy requirements.
First, use our CyberStrength® Knowledge Assessments, which allow you to evaluate end users’ understanding of a range of cybersecurity topics, using our library of more than 185 questions or your own written queries. With our Predefined CyberStrength assessment about GDPR, you can specifically narrow in on knowledge of this particular regulation, and automatically deliver follow-up training (using one or both of the modules noted below) to any users who do not exhibit a satisfactory level of familiarity with this topic. This is a valuable exercise for your organization; our 2018 Beyond the Phish® Report revealed that protecting confidential information continues to be the top sore spot for employees. In fact, our analysis of assessment and training data showed that end users incorrectly answered 25% of questions about the GDPR and other compliance-related subjects.
Second, use our two GDPR training modules — GDPR Overview and GDPR in Action — to deliver interactive, scenario-based education about the GDPR and the data end users are required to manage and protect. GDPR Overview introduces end users to the requirements of the regulation and the concept of data privacy, and helps employees understand why they need to be active participants in overall GDPR compliance. GDPR in Action complements the overview training by presenting more in-depth, action-oriented scenarios that challenge users to think about how the new regulation impacts their day-to-day business activities.
We can help you take positive steps toward GDPR readiness (and help your users better retain the information they already know about the regulation). Given that your employees’ actions can unseat your plans for GDPR compliance, it’s time to acknowledge the positive impact that good, actionable education can have on your organization’s overall preparedness, both now and into the future.