Among the many DPO tasks, addressing the human factor is perhaps the most challenging. Effective training can transform an organisation’s weakest link into its greatest asset. Yet compliance training is often met with eye rolls by staff, while senior managers see it as a necessary “one-and-done” evil. The result: managers chase employees, employees reluctantly comply, and DPOs continue to hand-hold or clean up after teams that have disregarded or misconstrued data protection requirements.

With laws like the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD) raising the stakes, getting training right is mission-critical. High completion rates and deep engagement are essential for training to stick.(1) Gamification may help.(2)