Date Published 15 Oct 18

Are you using these 3 GDPR training tactics?

Six months on from the deadline for organisations to comply with GDPR, and the verdict from the regulators is ‘could do better’.

Specifically, the UK’s Information Commissioner’s Office (ICO) has told organisations they must continue to improve, if they are to regain people’s trust.

The ICO has conducted a second round of public research and compared the findings to its benchmark survey in 2017. The new survey showed that while the number of people who have trust and confidence in how organisations handle personal data has increased, the figure remains low, at just 34%.

So, two-thirds of people in the UK still don’t trust organisations with their data. Ouch.

The Information Commissioner, Elizabeth Denham, said:

“It’s certainly positive news that more people now trust organisations with their data and the GDPR and the new Data Protection Act 2018 will have played a part in this … However, there is still a long way to go and organisations need to realise that, unless they are trusted to properly look after people’s personal data, they will fail to realise its potential benefits to their business or the wider economy.”

In September, ICO Deputy Commissioner, James Dipple-Johnstone, revealed that since 25 May, the office has received around 500 calls a week from organisations reporting a suspected breach. He said that where breaches occur, the ICO is taking into account evidence of management accountability, and evidence of measures that provide “robust” levels of privacy and protection.

The message is clear: GDPR’s launch on 25 May 2018 was just the start. It’s here to stay and it’s good for all of us. The need to keep data safe and to be seen to be responsible gatekeepers of people’s data will remain a top priority. This will require a continual training programme.

If your organisation isn’t up to speed, don’t panic. There are things you can do now to develop a training plan for the long haul, one that will make data protection a way of life across your organisation.

1. Build on your foundations

In ‘3 reasons not to panic about GDPR training’, we showed how L&D can rev-up their GDPR learning by building on their existing compliance training to reflect the additional requirements of GDPR. Make use of what you’ve already got.

2. Blend and sustain

Having kick-started the engine, keep it running for the ongoing journey, with a continuous training plan. ‘How to forge a strong GDPR learning campaign’ is a step-by-step guide on how to build an holistic, blended learning campaign using the three phases of preparation, activation and sustain. It suggests activities that work well in each of the phases – in the ‘sustain’ phase, these activities include refreshers, coaching and reinforcement.

3. Reinforce with an updatable game

While a tailored blend is best for high risk staff, a game that teaches the basics quickly is probably a better solution for everyone else. Sponge created just that, a game called GDPR Sorted! which targets the general workforce. Early results taken from 15,000 GDPR Sorted! players at organisations in 26 countries are impressive:

  • Completion rate over 90% in some organisations
  • 16% of players played it in their own time – 51 people even played on a Saturday night!
  • 339 people played the game more than 10 times
  • 27% of people played the game multiple times
  • 27 minutes average playing duration

Our own internal research shows GDPR Sorted! players reported:

58% knowledge lift

38% increase in confidence levels in applying GDPR

91% of participants would change their approach to personal data after playing

91% enjoyed playing the game

With a complex topic and lots of information, a game can instil key information in an engaging way. Critically, a game also allows people to make decisions safely. It can work well as part of a continual learning programme because people can return to it to refresh and reinforce their knowledge. And the content can be adapted when the regulations change.

And finally…

If you didn’t think you could learn the basics of GDPR in a game, then you need to put GDPR Sorted! to the test. We’ll be showcasing this unique game at the Data Protection World Forum event at Excel London on 20-21 November 2018. Seek out our exhibition stand to play the game and find out more about how to build a long-term learning strategy to keep your people on top of data protection and security.

You can meet Sponge UK at our GDPR Conference on 8th November 2018

Get In Touch

Please complete the below form