The trainings make it possible to familiarize the personnel with the basic principles of personal data protection.
The aim of the trainings is to:
- familiarize the personnel with the basic principles of personal data protection;
- familiarize the personnel with the basic principles of personal data processing;
- enable enforcing the proper processing of personal data from employees and co-workers;
- enable proving to the supervisory authority that we trained our personnel in proper processing of personal data.
Without the trainings it is difficult to:
- make the personnel understand the importance of lawfull processing of personal data;
- make the personnel understand the basic principles of personal data processing;
- implement the principles of processing of personal data resulting from the prepared documentation;
- demonstrate to the supervisory authority sufficient efforts of the controller to protect personal data.
The training may be carried out:
- in preliminary stage of implementation of GDPR requirements;
- as the last stage of implementation of GDPR requirements;
...whereas it is recommended to train the personnel in the application of the basic rules of dealing with personal data specified in the documentation prepared by the controller, which is obviously possible only after preparing such documentation. Training conducted in isolation from the documentation governing the processing of personal data and in isolation from safeguards, which the entrepreneur decided to implement as part of the prepared risk management plan, will be abstract and may not be sufficient to ensure proper protection of personal data.
NOTE! Contrary to the rumors that often appear, staff training is not an unconditional obligation resulting from the GDPR. On the other hand, GDPR training is an important element of the personal data protection system - one of the key organizational safeguards allowing to reduce the risk of personal data breach.