The General Data Protection Regulation (GDPR) will reshape data privacy on a global scale. Organizations that process and/or hold the personal data of EU residents are required to properly and securely manage that data; failure to do so may result in substantial fines.
These fines are presented in two tiers:
Up to €10 million or up to 2% of annual worldwide turnover, whichever is higher.
This level of fine will be imposed for infringements of the regulations where, for example, no written contract is in place between the controller and the processor of data. It is now the responsibility of organizations that possess and control a subject’s personal or sensitive data to have a clear and concise written contract in place if passing that data to a third party (a Data Processor).
No contract? There’s a fine coming your way.
Up to €20 million or up to 4% of annual worldwide turnover, whichever is higher.
This level will apply where, for example, a company doesn’t obtain explicit consent from a data subject for the processing of sensitive personal data.
The best way to raise employees’ awareness of the requirements associated with GDPR compliance is to help them understand their role in maintaining it, and to educate them about the best practices they should apply in their day-to-day work activities.
Scenario-based security awareness training teaches users to make better decisions.
The 2018 Beyond the Phish® Report from our end user security awareness partner, Wombat Security, revealed that one cybersecurity topic continues to be the top pain point for employees: protecting confidential information. Their analysis of assessment and training data showed that end users incorrectly answered 25% of questions about the GDPR and other compliance-related subjects.
To help organizations close the GDPR knowledge gap, two new interactive training modules have been added within the education portfolio: the recently updated GDPR Overview module and a new GDPR in Action module.
These two modules will help organizations and Data Protection Officers educate employees about the GDPR, a critical need since end users will be relied upon to protect the sensitive data of EU residents.