Let me be a little challenging here...
What rationale do you use to consider repeating a course already undertaken? What outcomes have you defined in the training needs analysis (if you have carried one out)?
Do you wish to simply tick a box or do you want to keep a level of awareness and engagement amongst staff or do you want staff to be fully aware and mindful of everything they need to so for DP purposes (probably ending in an exam)? (For most it's the middle one, but many also just want that damned box ticked).
If you can justify repeating training (believe me, you can't) then by all means simply roll out the same training year on year.
However, you don't need to tell people the introduction to GDPR/DPA all over again, what you need to do is build on what your company does, how individuals may need to act on information in that context and also what has changed in interpretation over the past year (or other period) since the training took place.
As much as many might disagree with me, training, education and awareness is 80%+ of what a "normal" person needs to know. Putting effort into this, should be a key activity for a DPO/DP Manager/IG Manager.
If you use in-house generated training and you are confident that it covers the requirements of training, then you need to constantly update and improve training so that induction remains up to date, mandatory training is relevant and additional training helps maintain awareness.
If your in-house development can't cope with this constant demand, then you need to seek outside training help where they can bring to you up-to-date, fresh courses delivered in ways that suit your business and staff.
Also, get someone with a knowledge of pedagogy to design your approach for the next 3 years or so. Refresher training can spend ten minutes recapping and then the remaining time focussing on maybe a specific issue, engaging staff to contribute thoughts and feelings on, for example, a breach you had last year identifying root causes, how it could be prevented, what they might do differently. Better to engage on a specific topic than bore people with a repeat of last year.
Even better, plan training into team sessions, so that several times a year people are updated in bite size chunks. For example, bringing to life a recent news article on a breach or change in the law.
Also, depending on budget, get different external speakers to different "events" you might do, or even, if you can't do much of this yourself, use different outsourced trainers to provide their take on training which will cover the same things, but at least be different in delivery - not ideal, but better than the same old, same old.
There's so much that can be done, but it starts with acknowledging that training and awareness in this area is absolutely critical and it needs to be done properly.
Simon Howarth
-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Darren Richards
Sent: 16 October 2019 09:54
To: [log in to unmask]
Subject: [data-protection] Refresher Training
Hi everyone
Just wondering what your approach to GDPR/DP/IS training is? Specifically how do you handle refresher training? I am looking at whether asking staff to complete the mandatory full training they initially carry out is appropriate for the refresher, or if we should have a more condensed version focusing on key points? I am concerned about staff engagement if we ask them to carry out the same training year after year which wouldn't change that much and takes longer to complete. Just to clarify, we have an in-house course created by our IG team that is completed via e-learning.
Thank you
Darren Richards
IT Manager (Service Delivery)
Bolton at Home
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
