The GDPR has brought with it numerous obligations for organizations and companies and has also brought many existing obligations back into focus.
One of these obligations is to regularly inform and train employees and other organizational members about relevant data protection and IT security issues.
This means that employees regularly attend data protection training and, in their own view, probably have to endure it. That the training courses are seen more as an imposition or an opportunity to take a nap is certainly due primarily to the fact that the topic of data protection is not very popular with most people.
However, this is a shame, because the need to tell employees the relevant things about data protection also offers an opportunity to sensitize them to the important aspects of IT security that affect everyone. In addition to the obligation to comply with the corresponding regulations in the GDPR, such as the obligation to maintain confidentiality when handling personal data, the rights of data subjects, or data protection incidents, it is also possible to supplement this data protection training content with topics that are of great importance for a secure company with secure IT: for example, secure passwords, the correct way to deal with phishing emails, or the correct behavior in the event of a security incident. In this way, the vexed topic of data protection training is used to improve your own security.
In order for data protection training measures to be effective and for what is said to stick, the topics must also have a personal aspect for the participants. Experience has shown that explaining, as part of a training course, how you can be personally affected by cyber attacks or hackers and how you can protect yourself from them attracts much more interest than the tenth circular email pointing out that people should please not click on attachments in phishing emails, without explaining what phishing actually is. The factors that matter for the company's IT security are conveyed along the way. The same applies to data protection. Here, too, you can address topics that are relevant to the participants themselves, for example by explaining the right to information and giving them an effective remedy against annoying advertising calls, and at the same time inform them about the correct behavior should a data subject appear in front of them with a request to the company.
How well the topic of data protection lands also depends on the way it is taught in data protection training. Attention should be paid to an appealing presentation, as well as to understandable language and sufficient time for explaining the context, so that the topic reaches the target group and, in addition to fulfilling the obligation to provide training, there is also the opportunity to improve cybersecurity and reduce risks from cyber attacks.