On May 23, we announced the availability of a new security awareness training module that will help global organizations prepare their end users for compliance with a looming standard: the General Data Protection Regulation (GDPR).
The GDPR — which brings a major update to Europe’s data protection regulations — has been several years in the making and is designed to boost EU residents’ privacy protections and improve organizations’ data handling and security practices. Our new module, General Data Protection Regulation: A Practical Overview, will help organizations avoid regulatory fines and preventable breaches by improving employee understanding of these sweeping new European privacy laws.
The GDPR: Not Just for the EU
The GDPR unquestionably has huge implications for EU-based organizations, but its focus on individual data privacy means that its reach extends far beyond EU borders. In fact, any organization that processes or holds the personal data of residents of the EU is subject to GDPR compliance — and this applies to organizations that are physically located within the EU as well as those located elsewhere that offer goods and services to, or monitor the data of, EU residents.
With the deadline for GDPR compliance set for May 25, 2018 — a year to the day from this post — you may be thinking that there’s plenty of time to prepare. Gartner certainly doesn’t think so; in fact, their analysts recently predicted that even by the end of 2018, more than 50% of the organizations affected by the GDPR will not reach full compliance. Those that fall in that category could face a major financial impact, given that maximum fines are set at up to 4% of global annual turnover, or €20m, whichever is higher.
“With Verizon’s latest Data Breach Investigations Report revealing almost 2,000 recorded breaches last year, including 20 where over a million records were lost, organizations need to improve their data handling and security capabilities ahead of new European privacy regulations,” said Joe Ferrara, President and CEO, Wombat Security.
Don’t Just Tell Your Users, Teach Your Users
You certainly can — and should — raise your end users’ awareness of the GDPR, its requirements, and financial implications using things like email, posters, and presentations. But don’t simply tell your employees what to do (and/or what not to do); instead, empower them with the knowledge and skills they need to make informed, efficient, and compliant choices about data protection.
General Data Protection Regulation: A Practical Overview can help you do just that. This security awareness training module was developed with input from multiple subject matter experts — including leading information security consultants BSI Cybersecurity and Information Resilience — and it offers a highly interactive and effective way to improve your employees’ data handling skills.
The module includes the following learning areas:
- Why the GDPR was developed by lawmakers
- Why all employees have a role to play within the GDPR
- How the GDPR classifies personal data
- What is considered a data breach
- Penalties for non-compliance
- New privacy rights for individuals regarding data consent, access, and erasure
- The roles and responsibilities of the Data Protection Officer
- Four key opportunities for increasing compliance and decreasing risk: accountability; data mapping; detecting and reporting exposure; and data erasure
Get more details and demo the GDPR training module.
Like our other mobile-responsive modules, our new GDPR training delivers the following benefits:
- Purpose-written content is focused, contextual, and bite-sized. Each Wombat module generally takes between 5 and 15 minutes to complete, which enables employees to more easily process and remember key points.
- Users set the pace and they must participate to progress — there is no auto-run capability. This approach to experiential learning ensures that users engage with the content, which is key to knowledge retention.
- The on-demand, mobile-responsive training format allows users to take security awareness training anytime, anywhere, from any connected device, which helps to minimize disruption to the daily flow of business.
- Our approach to security awareness and training is based on proven Learning Science Principles, combining concepts and procedures to help users engage and quickly understand. We provide immediate feedback with all knowledge tests; users always know why they were right or wrong, which drives knowledge retention and lasting behavioral change.
- The module conforms to the U.S. Section 508 standard and the Web Content Accessibility Guidelines (WCAG) 2.0 AA standard, which allows you to deliver consistent, accessible training to all your end users.
“Wombat’s GDPR training module turns what could be your organization’s weakest link, its staff, into its strongest asset, thanks to a highly effective methodology that helps users understand by doing, rather than passively learning right from wrong,” said Ferrara. “With just a year to go before the GDPR finally comes into force, now’s the time for organizations to get proactive about managing compliance and reducing the risk of data breaches by driving real behavioral change among their workforce.”