Statement of Learning Gap - Introduction to GDPR

When the General Data Protection Regulation (GDPR) came into force, we need to have a training programme for current and new staff to close the gaps between their knowledge of GDPR on personal level and of what is required of them as an employee, who is both a data controller and processor.

One area in particular that presents a significant challenge is in raising awareness across an organisation, ensuring all employees understand their data protection obligations. When it comes to compliance with the GDPR, data security is a key issue, with staff often sidestepping security policies to get things done quicker. It’s probably no surprise that the principal cause of a business security breach is human error.

Most staff either don’t know about security requirements or don’t prioritise them relative to other aspects of their job.

The problem is the penalties for infringement of data privacy rules have escalated dramatically with the introduction of GDPR. Maximum fines for non-compliance will rose exponentially from 25 May 2018. GDPR obliges companies to get serious about data security and privacy, which means all staff need make the same transition – treating data protection as a priority.

Description of the Learning Strategy

The proposal is to develop a blended learning programme to introduce staff and Faculty to the General Data Protection Regulation.

Online Module

The course will include a variety of media; images, infographics, videos, interactive modules and additional resources sourced externally. The online module will also include knowledge checks and will provide learners with the opportunity to pause for reflection throughout.

Reflection

During the process of acquiring knowledge there can be a disconnect between what is being learned and how it applies to our daily lives. Reflection can be an important step in the process of learning. It broadens understanding of the professional activity and links to the context of why and how. It enables the learner to identify their unique personal role in what they do and can help them identify the most important and consequential insights that can be transferred to other settings. The purpose of these reflections is to consolidate learning and reflect on how it changes or influences practice and to enable individual development throughout the course.

Workshop

In addition to this online introduction, the Data Protection Officer will run a regular Data Protection Workshop with departments in order to relate GDPR more specifically to their daily practice and generate discussion about how to improve data handling practices.

Learning Outcomes

On completion of this online course, the learner will:

• Demonstrate an understanding of the basic tenets of the General Data Protection Regulation

• Explain the 6 principles of GDPR and relate them to their operational duties

• Outline the 8 rights of the individual with regard to data protection

• Determine the best practices for keeping data safe

• Evaluate their own practices in terms of how they handle client's data

Target Audience

Staff and Faculty of the Royal College of Physicians of Ireland.