Data protection training is going to be an essential part of preparing for compliance with the General Data Protection Regulation (GDPR). Time is already becoming limited to develop and implement a comprehensive training programme to enable compliance with the GDPR. Furthermore, some evidence suggests that there will be a significant skills shortage and therefore the competencies required to comply with the legislation should be identified as soon as possible. Tkm can help with every stage of training planning and delivery with further information provided at the end of the blog.
Training for staff is not a new requirement to comply with data protection laws. The ICO considers training as an “appropriate organisational measure” under Principle 7 of the Data Protection Act 1998 (DPA 1998), and it is likely that the GDPR will reinforce and strengthen this requirement.
As discussed in a previous blog, the Data Protection Article 29 Working Party’s guidance on the role of Data Protection Officer (DPO) discusses competencies being commensurate with the risks associated with processing. This is likely to be a useful approach when determining all training needs of your organisation and not just those of the DPO.
It is important to ensure that your training programme delivers the best value for money. In this context, for most organisations, this means that any investment in training facilitates sustainable, long term compliance with the GDPR. Data protection training should also deliver against relevant corporate objectives.
The success of training programmes is generally determined by the extent to which training needs are accurately identified. Once identified, the next step is to develop or acquire a solution that has the best fit with those needs. This blog covers the options available and key points to consider when deciding what training would offer best value for money to your organisation.
What Data Protection Training Solutions are Available?
There are a number of different options to consider when looking for the best training solution for your organisation. These depend upon the format and content of the training, as well as the method of delivery.
Format and Content of Training
Accredited Data Protection Qualifications
There are accredited data protection qualifications although it is important to check which body is accrediting the training. It should be an organisation that is recognised as a provider of qualifications, which you should be able to check through the accreditors’ websites. Qualifications generally provide an assurance of consistency of what is going to be covered, with those completing them reaching a demonstrable level of competence. Some providers also offer flexible learning options. It is not always possible to customise accredited qualifications, particularly for intensive courses, therefore those attending need to be capable of applying the relevant knowledge to their own working environments on completion.
Customised training does not usually have accreditation although can often significantly aid implementation and integration of learning points into business processes. Training providers will often develop customised training in consultation with their clients. There is therefore likely to be an opportunity to influence the content to match your organisation’s specific training requirements. You may find that some training providers can offer a qualification that is customised to meet the needs of your organisation.
Method of Training Delivery
In house Training
The availability of this option is likely to be determined by available budget. In house can be cost prohibitive for smaller organisations although worth considering and investigating for organisations of any size. The main advantage of in house training is that there can usually be more of a focus on the organisation, for example during discussions on application, particularly around sensitive business areas. These types of topic may not be discussed at a course with general attendance. There is also typically more flexibility about how and when the training is provided.
There are a number of different types of attended training, seminars and conferences available that focus on GDPR. Whichever option you choose, you need to be confident it will be of benefit to attend. Part 2 of our blog will look at this in more detail. In the meantime, some key points to consider are:
- Is the training accredited by a recognised qualifications body? This is likely to be particularly important if you are looking for attendance to demonstrate competence.
- Is the event going to focus on areas that are important to your organisation? The GDPR contains a number of new legal requirements and they may not all be relevant to your organisation.
- Which staff will be attending? Senior managers are more likely to require events that focus on implications of the legislation. Those responsible for practical implementation may need more detail that they can apply in their own working environment.
- Consider knowledge and competencies. There are some excellent seminars and conferences being publicised. However, it is unlikely to represent value for money to attend an event that covers the theoretical side of the legislation if those attending have no competencies in interpretation and application. There are also some great events on relevant topics such as information security. These are unlikely to be benefit to those attending if they don’t have at least a background knowledge of the topic being covered.
Tkm Can Help Plan, Prepare and Delivery Your Training
Tkm is highly experienced and has developed and delivered data protection training programmes for a wide range of clients. Able to deliver both accredited qualifications and customised training, Tkm can help from the beginning of the planning process. Services include training needs analysis as well as all aspects of data protection training programme development and delivery. Tkm can help to ensure your organisation get best value for money for your investment in training staff. New, accredited qualifications in data protection are planned for later in 2017. Further details will be added to our data protection training page.
Please contact us to discuss your training requirements.