New data privacy rules mandated by the General Data Protection Regulation (GDPR) will force new standards on privacy awareness and employee behavior. Surveys show that 80% of the global companies participating in the study were unaware of the details of the GDPR and the FTC regulations or of their impacts. Fewer than one in three companies believe they are prepared for it now, and 97 percent of the companies surveyed do not yet have a plan to develop one. The GDPR is creating an urgency for multinational companies, which must begin acting now. The stakes are high, with fines of 4% for any act of non-compliance, whether intentional or not. All organizations planning to do business with the EU are urged to develop strategies to bring their businesses into compliance and to prepare employees adequately to avoid costly mistakes. Once a privacy program is established, data privacy awareness training should be conducted frequently.

Privacy Awareness and Employee Behavior

Training Steps

  1. The GDPR stipulates that a data protection officer (DPO) must be hired or appointed; it could be an existing employee. Appointing an existing employee is an efficient way to centralize data privacy training along with ongoing quality assurance monitoring. A privacy professional could be put in charge of working with HR to ensure all parties receive adequate training before working with sensitive data.
  2. Establish a firm access governance solution. Before training begins, the parameters of education and the levels of access, with clearances and access criteria, are set. An examination of job roles and responsibilities is used to determine who is eligible for access, with attestation and the necessary recertifications carried out under the supervision of line-of-business management.
  3. Control the access management system. The GDPR requires that employees and associated contractors be given only the access required to perform their duties and nothing more. Technology to establish an identity with multi-factor authentication, user credential confirmation, secure remote access, granular password management and risk-based adaptive security measures is required. Password management falls under this category because of its high vulnerability to hackers. Passwords should be changed on a regular basis to enhance security.

Outcome

The need for data privacy training programs is based on the necessity of becoming compliant with the new GDPR regulations, which are backed by the FTC. Once all requirements are satisfied, companies may proceed with the training in any fashion they choose. We believe there are quite a few ways to reach target staff efficiently while having a little fun along the way. These are just a few ideas to get you started.

