What employees need to know about GDPR

The General Data Protection Regulation replaced the Data Protection Act on 25th May 2018 and explicitly required all companies that deal with or collect personal data from anyone within the EU to have staff training in place. 

The GDPR means that if you collect and use personal data belonging to someone in the EU, your actions and activities will be regulated by it, regardless of where you are in the world. 

Every organisation that deals with EU data wants every one of their customers and colleagues to be confident that they can be trusted to treat their personal data with the privacy and care that it needs.

What is covered by GDPR?

The GDPR covers any information you may store that can identify an individual, but we’re not just talking names; it can include things such as biometric, genetic, cultural and economic information as well as email and IP addresses.

Organisations cannot afford to ignore their responsibilities and must provide suitable staff training.

Failure to adhere to the GDPR could mean fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.

Despite these explicit requirements, many companies still believe that staff training is just not necessary and are leaving their organisation at serious risk of penalty.

What must every employee know about GDPR?

First, they must be able to recognise different types of personal data, including email addresses and biometric, online and geolocation identifiers. They should also know how to keep this data safe by using password-protected documents and be aware of best practice for sharing files or transferring data.

They must also be able to recognise and report possible personal data incidents and breaches and be aware of the consequences of non-compliance.

That may sound like an expensive hurdle, a complicated task that would require huge strides and huge costs to overcome, but that’s simply not the reality.

Can online training really be effective?

GDPR readiness is legally required and is far less time-consuming or expensive than you might think, regardless of perceived obstacles such as company size, staff locations, or how much time you have to allocate to busy employees.

Elearning is a great way to train staff on GDPR. Using case studies, quizzes and multiple-choice scenarios, online courses should be used to really test staff knowledge before they have access to personal data.


Kate Carter is Marketing Manager at Engage in Learning. She has a 25-year career in B2B sales and marketing where her role is to promote the company’s products and services through multi-channel media. Kate speaks fluent French and enjoys travel in Europe and the US.