In 2016, the Data Protection Commissioner of Ireland (the DPC) recorded 2,224 valid security breaches. Although this number was lower than that recorded in 2015, it is still an alarming figure, especially as the deadline for complying with the General Data Protection Regulation (GDPR) is just over 12 months away.
One of the main offenders highlighted in the DPC’s annual report was PeoplePoint, the civil service shared-services provider, which the DPC audited after receiving notification of 163 data breaches in 2016 and 2015.
The report stated that “the audit of the civil service shared-services provider PeoplePoint demonstrated a concerning level of front-line human error in the handling of personal data and sensitive personal data in many cases” and that “A key conclusion of our findings is that while high-level policies on data governance have been put in place, these have not filtered down sufficiently to an operational level”.
Although staff are key to preventing a data breach, this report highlights how a lack of staff awareness and training to accompany high-level policies can leave companies vulnerable. Despite this, employees in Ireland are often left out of the equation when companies are developing their cyber security and GDPR strategies.
Involving staff in the strategy process can make all the difference in preventing future breaches.
IT Governance has an extensive suite of tools and training materials to help you raise staff awareness about the incoming GDPR:
Training aids – engaging card games and posters to encourage staff to reflect on data protection and its importance in the workplace.
Pocket guides – IT Governance has a number of concise guides that will give staff a clear understanding of the GDPR and key data protection issues.
E-learning courses – comprehensive and easy-to-follow e-learning courses about the GDPR and data protection. E-learning courses provide a simple and cost-effective way of making your staff aware of security risks and the best practices to follow.
CERTIFIED GDPR TRAINING COURSES NOW IN DUBLIN
Our ISO 17024-accredited GDPR Foundation and Practitioner training courses offer a structured learning path to equip data protection and information security professionals, as well as individuals who lack data protection expertise and experience, with the specialist knowledge and skills needed to deliver GDPR compliance, fulfill the role of data protection officer, and achieve a qualification in data protection.