1 minute read
5.2 Step 2: GDPR roles, awareness and training
Lastly, we suggest you keep track of your GDPR-relevant documentation using the GDPR Documentation Log, and that you get into the habit of minuting relevant meetings, even at a basic level – see the template for this in the Toolkit.
Relevant Toolkit documents:
• GDPR Roles and Responsibilities • GDPR Competence Development Procedure • GDPR Communication Programme • Information Security Awareness Training • GDPR Awareness Training Presentation • GDPR Competence Development Questionnaire • GDPR Awareness Poster (for data subjects) • GDPR Awareness Poster (for employees) • EXAMPLE GDPR Competence Development Questionnaire
Key tasks:
• Communicate and promote awareness about GDPR • Define roles and who will fill them • Nominate your representative (if outside the EU) • Decide if you need a data protection officer • Identify training needs and address them
Once you have initiated your project and defined who will perform which role, there is a lot of value in raising general awareness about the GDPR and information security in general so that people know what it is and why it’s important. Audiences will include various stakeholders such as suppliers and contractors as well as employees and it is useful to create a managed programme of communication so that it happens regularly. The Toolkit provides a template for a GDPR Communication Programme and some presentation slides for GDPR and information security awareness training. Some basic awareness posters are also provided which may be used either electronically or simply put on the wall everywhere where personal data is processed.
It is important to establish from the start who is going to do what, both within your initial project to comply with the GDPR, and for the long-term protection of the personal data that you hold. The GDPR Roles and Responsibilities document sets out various roles, including those of controller and processor (if required), data protection officer and an information security manager. If not already allocated, decisions need to be taken about who will fulfil these roles, including potential recruitment.
