Why should your organisation train staff on the GDPR?

The GDPR (General Data Protection Regulation) took effect on 25 May 2018, but many organisations still struggle with compliance. To ensure your organisation is compliant, it is essential that your employees understand their obligations under the GDPR.


Article 39 of the GDPR states that staff awareness and training are required. If you haven’t yet provided any training to your staff, don’t panic – it’s not too late.

Not every member of staff needs the same level of understanding of the Regulation. A compliance officer, for example, might be expected to have a full understanding of the GDPR, whereas administrative staff might only be expected to understand aspects that directly relate to their role.

Effective GDPR training should:

  • Reduce the risk of data breaches and consequent financial loss;
  • Reduce the occurrence of human error;
  • Be appropriate for a wide range of audiences, including non-technical staff; and
  • Provide confidence that the organisation is prepared.

If a data breach occurs, staff training helps prove that you have taken your obligations under the GDPR seriously.

Data subject access requests 

Under the GDPR, individuals may request access to their personal data. This is known as a DSAR (data subject access request). In order to process DSARs within the one-month timeframe required by the Regulation, your staff must be able to identify and appropriately deal with such requests when they arrive.

How compliant is your organisation?

GRC eLearning can help your organisation understand the GDPR and achieve compliance. Our GDPR Staff Awareness E-learning Course provides a complete foundation on the principles, roles, responsibilities and requirements of the Regulation, and reinforces the importance of security best practice.