Investing in privacy culture, good ethics and governance
Privacy tools, eLearning and compliance, in isolation, will not improve the collective knowledge, attitude, or behaviour of an organisation. By Steve Wright of Privacy Culture.
Given that the General Data Protection Regulation (GDPR) only came into force in May 2018, it has not taken long to realise that demonstrating compliance through annual training alone is not enough to give Data Protection Officers (DPOs) comfort that, when the time comes, employees are able to recognise and react to data protection and privacy risks. The same applies to handling data incidents or responding to data subject access requests in an appropriate and timely fashion.
A common misconception is that a culture of privacy is the conclusion of an awareness, education and training programme only – it does not necessarily mean employees believe or feel that they, or their organisation behave in a data ethical and legally responsible way when it comes to handling personal data.
UK Report subscribers please login to access the full article.
If you wish to subscribe please see our subscription information.