We have heard that the weakest link in a security chain is the processing of information by employees.
Some of the most common risks of not implementing employee training include changing passwords on computers and their lack of security, documents that are exposed for everyone, documents with personal information that are discarded without being destroyed, indiscriminate access to servers, absence of security copies, incorrect use of e-mail, allowing the infiltration of malware.
For this reason, the General Data Protection Regulation gives special importance to staff training, in order to avoid security breaches and unauthorized access. Being aware of this situation and, at the request of our clients, we create training plans for their managers and employees. We also send other materials such as our Awareness Kit to transmit in a simple way the correct treatment of information.
If employees do not know the principles of the legislation, they will hardly be able to follow it and respect the rights of citizens.
Is Data Protection training for employees obligatory?
The doubts arise in companies dedicated to zero cost or to sell courses subsidized by the State Foundation (Fundae). These companies usually say that annual training is mandatory and create confusion for their own benefit, as if it was a requirement of the legislation GDPR or LOPDGDD.
Is employee training recommended?
All companies must ensure confidentiality in the processing of their data treatment (art. 5.1f of the GDPR and 5 of the LOPD) and to do so without training and awareness is very complicated. Training also serves to comply with the principle of proactive responsibility and to demonstrate that measures are taken to comply with the legislation.
Leave a ReplyWant to join the discussion?
Feel free to contribute!