General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) requires workforce privacy awareness training. Under Article 39, the GDPR includes among the tasks of the Data Protection Officer (DPO) “awareness raising and training of staff involved in the processing operations.”
There are three types of training that are relevant in light of GDPR:
(1) General Workforce Privacy Awareness Training – basic privacy awareness for the entire workforce
(2) Training About GDPR — training that introduces select employee groups to GDPR (i.e. employees who need to know more about how GDPR works)
(3) Role-Based Training — training for specific roles in organizations, such as designing products and services for privacy or vendor management
General Workforce Privacy Awareness Training
For the general workforce, global privacy awareness training need not make employees experts on the GDPR. Instead, the training should focus more generally on privacy. Training should teach employees how to protect personal data so that they respect people’s rights and fulfill the obligations of GDPR, including GDPR responsibilities, GDPR rights, and GDPR penalties. Training should also explain why protecting personal data is important. The courses below offer privacy awareness training that focuses on core principles of privacy.
This course focuses on key concepts of privacy common across international jurisdictions and explains areas where approaches to privacy diverge. The course is designed to satisfy EU General Data Protection Regulation (GDPR) training requirements but also to work for the US and other jurisdictions. There are 20-minute and 30-minute versions of the course.
This course (~25 minutes) covers the same material as the Global Privacy and Data Protection course but with some additional content and in a different style. The course focuses on key concepts of privacy common across international jurisdictions and explains areas where approaches to privacy diverge. The course discusses why data protection and privacy are important, how to recognize personal data, and the various responsibilities that must be followed throughout the life cycle of personal data.
This privacy awareness training course (~15 minutes) is a highly interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.
Personal information is sometimes referred to as personally identifiable information (PII) or as personal data (the term used in the EU). Defining what personal information is — and being able to identify it — is essential for privacy awareness training because privacy laws and regulations are triggered if personal information is involved. Personal information can be a tricky concept because it is sometimes contingent and contextual. This PII training course (~ 8.5 minutes) is an overview of how to identify personal information. It explains clearly and understandably what personal information is and how to approach identifying it.
This course (~ 5.5 minutes) provides a basic introduction to how to identify and define personal data or personally identifiable information (PII). The video discusses the distinction between ordinary PII and sensitive data. It also explains that identifying PII is important because it triggers privacy rights and obligations. The video concludes by discussing the importance of knowing the data you collect, receive, and transmit.
To protect personal information, it is important to follow the Fair Information Practice Principles (FIPPs). This short course (~4 minutes) focuses on what protecting people’s privacy entails. It provides an overview of the basic FIPPs and explains why they matter. The course offers concrete guidance to workforce members about how they should collect, use, store, and protect personally identifiable information (PII) or personal data.
Training About GDPR
The courses below are for employees who need to know more specific detail about GDPR and related topics.
This program (~5 minutes) is an interactive whiteboard that succinctly summarizes the GDPR. It can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in a learning management system.
This course (~7 minutes) provides a brief introduction to the GDPR for lay employees who need to know the basics. The course discusses the scope and applicability, the basic terminology of the law, the GDPR rights provided to persons in the EU, and the GDPR responsibilities an organization has in order to comply. The course explains the importance of GDPR compliance and discusses how it is enforced as well as the GDPR penalties, which include fines of up to 4% of total annual worldwide turnover.
This course (~7 minutes) provides a brief introduction to the EU-US Privacy Shield Framework that was adopted by the European Commission in 2016 and replaced the previous Safe Harbor agreement practices. It discusses the purpose and origin of Privacy Shield and the key Privacy Shield principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement, and Liability). The course also emphasizes the importance of complying with Privacy Shield and explains the consequences of failing to do so.
This course (~7.5 minutes) provides a basic introduction to privacy law in the European Union. It discusses the main differences between EU privacy law and US privacy law. It has been recently updated to discuss key features and developments regarding the General Data Protection Regulation (GDPR).
Role-Based Training
Some individuals will require more specialized training about new responsibilities they will have under GDPR. We offer courses for specific, role-based privacy training.
To effectively design for privacy, one must identify and assess the various privacy issues that might arise. This course (~15 minutes) provides a roadmap and framework to help people spot privacy issues and understand their implications. Professor Solove uses his well-known taxonomy of privacy to explain how to identify the various privacy issues that might arise with new products or services. This course will be helpful to engineers and designers of programs, software, websites, and other products or services that could implicate privacy. The course is also useful for the entire privacy compliance team.
This vignette (~4 minutes) demonstrates in a humorous way why it is essential to consider privacy issues when designing products and services. The video explains the types of issues that can arise and the importance of addressing them early on in the design process. This course will be helpful to emphasize privacy concerns to engineers and designers of programs, software, websites, and other products or services. It will also be useful for the entire privacy compliance team.
Under the GDPR, organizations can be liable if a third-party organization they contract with violates the privacy of an EU citizen. This privacy training program covers vendor management issues when data is shared with third-party vendors. In particular, the program discusses due diligence in selecting third-party vendors and the types of data protections that should be included in the contract with the vendor.
About Professor Solove and TeachPrivacy
This resource page was written by Professor Daniel J. Solove. Professor Solove is a law professor at George Washington University Law School and the leading expert on privacy and data security law. He has taught privacy law every year since 2000, has published 10 books and more than 50 articles, including the leading textbook on information privacy law and a short guidebook on the subject. His LinkedIn blog has more than 1 million followers.
TeachPrivacy provides privacy awareness training, security awareness training, phishing training, HIPAA training, FERPA training, PCI training, as well as training on many other privacy and security topics. TeachPrivacy was founded by Professor Solove, who is deeply involved in the creation of all training programs because he believes that training works best when made by subject-matter experts and by people with extensive teaching experience.