Work and Play

Why should you train your employees on the GDPR?

The GDPR has governed the organisation of companies in the European Union since 25 May 2018. Today, without the prior consent of each visitor to your website, you cannot handle their personal data of any kind. But what is personal data? And what are the principles of the European regulation? Why is it important to train your employees on the GDPR?

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a European regulation on how companies and organisations should deal with personal data. It supersedes the Data Protection Directive 95/46/EC and has applied since May 25th 2018.

This regulation concerns three operators:

  • Data controller;
  • Subcontractor;
  • Citizens and personal data owners.

This regulation requires greater transparency on the part of companies about the purpose for which personal data is collected.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person, either directly (surname, first name, e-mail address) or indirectly (by means of an identifier, telephone number, biometric data, several specific elements relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity, but also voice or image).

Some data are categorised as sensitive. The processing of such data is highly regulated and requires enhanced protection measures. Examples of sensitive data include:

  • racial or ethnic origin;
  • sexual orientation;
  • religious or philosophical convictions;
  • political beliefs;
  • trade union membership;
  • health condition;
  • biometrics;
  • genetic data;
  • criminal convictions and offences.

Why is it important to train your employees on the GDPR?

Training your employees on the GDPR has 3 significant advantages for your organisation. Here are some explanations.

It is primarily a statutory requirement

Training employees on the GDPR is one of the obligations set out in the European regulation. Art. 39 specifies that it is the role of the Data Protection Officer to "monitor compliance with this Regulation [...] and with the controller's or processor's internal rules on the protection of personal data, including the allocation of responsibilities, awareness-raising and training of staff involved in processing operations, and related audits".

However, it is not clear how the training should be carried out.

Non-compliance can quickly become costly

The CNIL (Commission nationale de l'informatique et des libertés) is the body responsible for ensuring compliance with the GDPR. In the event of non-compliance with the law, the CNIL can fine the company 20 million euros in the most serious cases, or 4% of its annual worldwide turnover. Note that the fine varies according to the seriousness of the facts.

A long-term investment

Training your employees on the GDPR lets each of them know, according to their level of responsibility, which data they may or may not collect.
Examples: marketing department, after-sales service, etc., with particular attention to the empty fields in customer files.

This allows the company to remain compliant with the regulations in a sustainable manner. Regularly instilling these good practices among your employees allows you to involve your workforce from the start and apply Privacy by Design.

As a reminder, Privacy by Design is the consideration of data protection from the design stage. It can only be achieved by regularly raising the awareness of employees.

Work and Play offers Blended Learning courses dealing with GDPR

Work and Play has created a GDPR training course in partnership with SME from the law firm Haas Avocats. This training programme is designed for all employees and provides an opportunity to learn about the regulations governing personal data. Here's a taste of it:

Faced with the threat of a cyberattack, you believe that the GDPR could limit the risks. But is it well understood and well implemented?

Take a tour of your organisation, investigate and fix the errors.

Be careful, the slightest negligence can have serious consequences for your organisation and its customers.

If you want to know more about our courses and test the demo, please click here.
