How not to let data protection spoil your festive holiday
It’s almost the end of the year. Soon, you’ll be enjoying some down time with your family and friends, and having a break from your manic routine! You really need it, especially as last week, you had the mother of all incidents at your company when someone managed to send a data file of all your customers to your supplier. That was more than a cold shower, given all the time and money you’d spent on your compliance training strategy! And now, you have to find an appropriate solution to cope with the first visible disasters that have arisen, and all before the office closes this Thursday….
If this sounds familiar then I might be rubbing salt in the wound here, but there’s at least three ways you could’ve avoided this.
1. Data protection training is definitely not a “tick the box” exercise!
Proof is, data security breaches have arisen every week – if not every day, since the beginning of this year. Companies who have experienced such breaches also had training courses and policies to prevent them. But were these measures taking into account the requirements of the main protagonist – the actual employees? The answer must be no, or perhaps maybe, at best. Data protection is something you implicitly give ownership to your employees. They are the ones you train to protect your organisation, and then they are at the ones who decide to implement what they’ve learned – or not. Why then not have your learners as the starting point of your training?
It’s absolutely critical that the training content you design for them resonates with them, and engages their minds and souls, so they can adopt the right attitude. Don’t think that just because you’ve provided them with data protection training the job is done. As for any training experience, data protection training has to be personalised to your learners.
2. Next time, personalise the learning experience
Although data protection is a common concept, you wouldn’t approach it the same way if you are working in a bank as if you were working in a retail company for example, would you? And even in the same company, the environment you’re working in and the situations you have to deal with on a daily basis are different from your mates working in a different department.
The content provided to your workforce should clearly take into account the audience that is targeted, and should not only incorporate real-life scenarios which the learner is familiar with, but also be a completely personalised experience the learner can tailor fully to make the content theirs and as a result make an emotional connection with it to effectively implement what’s been learned.
At the recent eLN conference, my colleague Toby stressed the importance of personalising everything, as learners are all digital consumers and as consumers we all cry out for personalised and tailor-made products. That’s why giving the opportunity to your workforce to add features around your content to make it theirs, is a key success factor in making individuals apply that training in their day to day roles.
3. Data breaches won’t stop. Neither should your efforts to prevent them!
Once you have a data protection training strategy that puts the learner at the centre of your strategy and you’ve given them the opportunity to personalise their training, it doesn’t mean that you’re completely done. Your processes are constantly updated due to the various changes in your industry, aren’t they? And who are the first to be impacted by those changes in their daily jobs? You get my point. So don’t forget to consider the changes that need to happen to your training too.
Now that this breach has happened, you will need to build a whole new strategy in order for your organisation to recover from this disaster. In our next blog, we’ll take you through some strategies that can be used and their effectiveness.
But don’t wait until then to get in touch if you want to know the techniques that our clients have used to get compliance embedded as part of the day to day behaviours of their people.