Privacy Awareness and Employee Behavior
New data privacy rules mandated by the General Data Regulation Protection (GDRP) will force new standards on privacy awareness and employee behavior. Surveys show that 80% of global companies participating in the study were unaware of the details about GDPR and the FTC regulations or their impacts. Fewer than one out of three companies believe they are prepared for it now and 97 percent of the company’s surveys do not have a plan to develop yet. The GDRP is creating an urgency for multinational companies who must begin acting now. The stakes are high with fines of 4% for any acts of non-compliance whether intentional or not. All organizations planning to do business with the EU are urged to develop strategies to bring their businesses into compliance and prepare employees adequately to avoid costly mistakes. Once a privacy program is established, data privacy awareness training should frequently be conducted.
- The GDPR stipulates that a data protection officer must be hired or appointed. It could be an existing employee. An existing, employee is an efficient way to centralize the data privacy training along with ongoing quality assurance monitoring. A privacy professional could in charge of working with HR to ensure all parties receive adequate training before working with sensitive data.
- Establish a Firm Access Governance Solution. Before training the parameters of education and level of access codes with clearances and access criteria are set. An examination of job roles and responsibilities are used to determine who is eligible for access with attestation and necessary recertification’s under the supervision of line of business management.
- Control Access Management system. The GDPR requires employees and associated contractors are only given required access to perform required duties and nothing more. Technology to establish an identity with multi-factor authentication, user credential confirmation, secure remote access, granular password management and risk-based adaptive security measures are required. Password management falls under this category because of its high risk for vulnerability to hackers. Passwords should be changed on a regular basis to enhance security.
The need for data privacy training programs is based on the necessity for becoming compliant with the new GDPR regulations which are backed by the FTC. Once all requirements are satisfied, companies may proceed with the training in any fashion that they choose. We believe that there are quite a few ways to reach target staff efficiently and more while having a little fun on the way. These are just a few ideas to get you started.
Brill, Julie, January 2016. Two-Way Street: U.S. -EU Parallels Under the General Data Protection Regulation Ghostery/Hogan Lovells Data Privacy Day; U.S. Federal Trade Commission; retrieved from https://www.ftc.gov/system/files/documents/public_statements/910663/160121hoganghostery_dpd.pdf on 10/18/16.
Dell Press Releases, 2016. Dell Survey Shows Organizations Lack Awareness and Preparation for New European Union General Data Protection Regulation (GDPR); retrieved from https://www.dell.com/learn/us/en/vn/press-releases/2016-10-11-dell-survey-shows-organizations-lack-awareness 10/18/16.
Heimes, Rita, 2016. Top 10 operational impacts of the GDPR: Part 2 – The mandatory DPO, The Privacy Advisor; retrieved from https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-2-the-mandatory-dpo/ on 10/18/16.
Research Report, 2016. Preparing for the EU General Data Protection Regulation, IAPP Resource Center; retrieved from https://iapp.org/resources/article/preparing-for-the-eu-general-data-protection-regulation/ 10/18/16.
Solove, David, 2016. “Privacy”: A Unique Play Starring Your Smart Phone, Teach Privacy; retrieved from https://www.teachprivacy.com/category/training-privacy-awareness/ on 10/18/2016.
Disclaimer: This article provides general information and materials related to contract management. This article does not provide legal advice. Agile Legal is not a law firm nor does it provide legal advice. You should contact an attorney to obtain advice with respect to any particular legal issues or questions.
For more research on privacy regulations, please read through this article from teachprivacy.com