Barely a week goes by without a data breach dominating the headlines. Last month it was Uber. And this month it looks like eBay is the latest victim with personal information of its customers scattered across the web for anyone to find.
While the focus of coverage to date has largely been on high-profile cyber-attacks, accidental breaches – caused by employee error or issues occurring while data is controlled by third-party suppliers – accounted for 30 percent of overall breaches over the past year.
That’s an incredible risk to your business when you think about it – particularly with legislation, including the General Data Protection Regulation (GDPR), on the horizon.
Effective 25th May 2018, GDPR increases the importance of training your employees – especially given that fines for non-compliance can be up to €20m or 4% of global turnover (up from the current maximum of £500,000). Intentional or not, a simple, honest employee error in a post-GDPR world could cost a business millions.
When it comes to training your global workforce on the upcoming GDPR legislation, there are 5 tips that every brand should take into account.
1 – Remember GDPR affects ALL employees
Many companies overlook the fact that GDPR applies to EU residents, and not just EU companies. For a global organization with EU customers, that means you need to ensure that all staff – regardless of location – understand the regulations. There’s little point investing resources in training EU employees, only for a colleague on the other side of the world to jeopardise compliance – simply because they didn’t know the rules.
2 – Start your training now
There are just under six months to go until GDPR comes into force. Start the training now, and deliver regular updates and reviews to ensure colleagues understand the full scope of the legislation. The regulation needs to be woven into the day-to-day fabric of your organization – and that includes people.
3 – Consider the format
Despite the focus on financial penalties, the GDPR is an opportunity to get closer to your customers, be more relevant and create valuable relationships. A one-off training session isn’t enough to achieve that. Training should be ongoing. It also needs to be continually reinforced, and all employees need to demonstrate they understand the regulations, the implications, and what they need to do to support the company’s compliance. One of the best ways of delivering, and tracking progress, is through eLearning.
It’s a cost-effective – and rapid – way of delivering and measuring a global training plan. Of course this can be blended with classroom sessions, but the digital aspect means colleagues can conduct training around their own time constraints, and progress can be easily tracked.
4 – Make it relevant
It may sound obvious, but you would be amazed to hear how many companies fail to tailor their training programs to employees’ roles. As Tim Walters and I recently discussed, GDPR is like no legislation that has come before it: it is a business imperative, not an IT or compliance issue. Employees need to understand how GDPR impacts their daily role, and the potential risks that they may not be aware of.
5 – Don’t forget the language
Now you’ve developed your eLearning program, you need to roll it out to your global workforce. Of course, not all your employees will speak the same language, so it’s vital that eLearning content is delivered in their local language.
Once a uniform structure for your training material has been developed, along with the content, it can then be localized into any language. This needs to be done in a consistent way. Approved terminology and Translation Memories allow the overall consistency of the content to be maintained not only within a single training asset, but across all of your eLearning projects. By automating the translation process as much as possible, text segments that have already been translated can be retrieved from the database and reused over and over again. This helps ensure consistency of training across all languages while reducing your review cycles between alpha, beta and gold.
These are just some of the considerations that companies need to take into account. The GDPR is the largest legislative change to personal data seen in two decades. With less than six months to go, it is crucial that brands start training employees now if they don’t want to be among the first to fall foul of the legislation next year.