Let’s start at the beginning. A lot of people handle personal information and it’s important that they do so correctly. Not just because there are regulations that say you must, but because this information is personal and often sensitive, and can be used by others to cause us harm. Furthermore, if the information is stolen or leaked, there’s no way of getting it back. Data protection training is important.
Having said that, it’s probably not on people’s top ten list of interesting things to learn about.
So how can you make this, some would say ‘dry’ topic, more interesting?
We took a two-level approach to making the data protection act relevant.
By showing how it’s relevant to us as individuals
By providing examples and activities to show how it’s integrated into how we do things at work – the workflow.
Here’s how we did it.
We know that there are things that people need to know about data protection, so we put this in an explainer video and made it as short, simple and straightforward as possible.
The video relates how data protection regulations affect us as individuals. It shows how the regulations impact our daily lives, and how they are designed to protect us and the rights we have.
Not everyone will want to watch a video so we illustrated the text with images from the video and offer it as an alternative way to access the information about data protection.
Watch the demonstration version of our Data Protection training video.
People have often already undertaken data protection training and only need a quick refresher, so we made a key facts section.
The next two sections are about the regulations in action.
The first takes a look at a number of cases that have ended up in the courts. Some of these are small businesses, some are individuals and there are also examples from large corporations.
Although these are anonymised, they are real cases where people have complained and actions and sometimes fines have been imposed.
The start with a situation and ask the user a simple question. On the next tab a response is provided, and then the part of the regulations which is relevant to this is available.
Users can look at situations on their own, in pairs or small groups or perhaps as part of a workshop.
There’s a variety of topics in both the case studies and the situations. The user(s) can choose which and how many they would like to look at.
We’ve included a checklist which is available online as a downloadable PDF and also as an editable Word document.
This is about bring the regulations into the workplace. For example, what information do we process, what’s the legal basis for doing this, who would you report a breach to and so on.
This can be used in a number of ways. For example:
In a workshop presentation (live or online) where a group or team look at the data they process and what’s important to their situation. In this case, it might be worth editing down the Word document so that the questions are specific to that group.
It could be part of a discovery task as an onboarding activity. New recruits meet colleagues and interview them to find out how personal data is processed.
It could be part of a mentoring or appraisal programme where the points in the checklist are discussed and answers sought.
It’s really a resource which can be adapted and used to suit different environments.
Finally, there’s a quiz, though to say finally is probably wrong as it can be taken at any point. There are 15 items (questions) randomly selected from a number of pools. Some are straightforward, others are more challenging. Some are factual others are situational.
When the user has finished the quiz, there’s a page which shows which items they got right, and which were wrong, and also an explanation as to why the correct answer(s) is/are correct.
The quiz can be taken as many times as the user wants, but as the questions are randomly generated, it won’t be the ‘same’ quiz.
Once the user passes with 80% or better – quite a high pass mark – they will be issued a certificate which shows they have passed.
We’ve aimed this course at small companies who are interested in their colleagues understanding what they need to know about the data protection act and how it relates to them and their customers. In many ways it’s more challenging than a standard online course, but we feel that will make it more rewarding and more useful.