Frisk Insights | GDPR Release | 01
What's new at Frisk?
Frisk Lessons are role-based; use adaptive learning pathways; and focus on scenarios faced by diverse teams, within a range of industries (fintech, gambling and regulated).
This month, it's all about our advanced, role-based, General Data Protection Regulation (GDPR) training updates, for a global regulated audience.
What is global data protection training?
I often ask customers this question and usually tee up with a Data Privacy Lawyer for a good old fashioned debate. GDPR training is for an EU/UK audience, right? So, it doesn't make sense to call it 'global'. But, that’s exactly what our customers want to see. They often align global data protection policies with GDPR, as the benchmark for compliance.
As many of our FinTech customers operate in the United Kingdom and comply with the Data Protection Act 2018 (DPA 2018) – which implements the UK version of GDPR, it’s important to highlight subtle differences between EU GDPR and UK GDPR, where possible (especially when defining keywords: ‘special category data’, for example).
As an author, I illustrate global best-practice using role-based scenarios, such as carrying out third-party due diligence and impact assessments, before uploading data to an unauthorised cloud-based application. I ask customers if they see gaps in staff knowledge, that might lead to breaches, and choose scenarios with this in mind.
Customers looking for country or state-specific privacy and/or data protection training are still welcome to contact us for a discussion, e.g. US Privacy Laws.
Get buy-ins and involvement
Getting feedback from the ground up is, in my opinion, essential to creating meaningful training. Frisk Lessons are shaped by shared customer experiences, through private knowledge sharing principles. It's also good to look at when things go wrong, elsewhere, by reviewing global data breaches and fines, for example. ‘Postmortems’ are great training features.
Time to reveal a few trade secrets… eek! Let's start with the advanced GDPR programme. When we get similar feedback – time after time – we take note. The topics that feature in our updated GDPR training reflect this customer feedback.
- Data Processing Impact Assessments (DPIAs)
- Legal bases (focus: consent versus legitimate interests)
- Data Subject Access Requests (DSARs)
- Data Breaches (two fledgling lessons and a game-based assessment)
- GDPR awareness (definitions, principles, rights)
We distributed the original GDPR Frisk Lesson programme to more than 10,000 FinTech learners. Now, we plan to reach a wider audience through our global distribution channels.
Rewrites are great opportunities to reimagine content and add new touches, such as downloadable lesson summaries. Learners can now download a lesson summary, at the end of each lesson. We've also added some 'gamification' to spark engagement.
Overcoming compliance battles
We often see infosec and privacy teams battling, when agreeing on content, due to overlapping responsibilities. Sometimes, we customise Frisk Lessons, achieving a unified approach that works for everyone. This results in customers taking away the e-course(s) on a perpetual basis and uploading these to their Learning Management System (LMS) as a private e-course.
Data breaches, security incidents, insider threats, bribery and money laundering have interchangeable themes and obligatory reporting. Learners welcome a simplified approach to training. With a little bit of patience, you can win over your learners and external auditors, too!
Have you tried our latest infosec game? It’s suitable for new starters and as a refresher. Search for its unique tag, on the Go1 Content Hub, using: Infosec Explorer: New Starter Essentials (ID: EX221A | Global).
What's coming up?
Frisk's advanced GDPR pathway programme has gone live this week! You can check our 'go live' roadmaps, to get a glimpse of what else is on the horizon. We provide public access to these through Google® Sheets. For accessibility help, email: firstname.lastname@example.org.
Roadmaps and pathways:
- Payments: FinTechs and cryptocurrencies
- Gambling: Remote and non-remote
- General: Regulated businesses
Finding the latest content
To view the new materials, go to > the ‘Explore’ tab and > search for the following unique tags:
- GDPR Explorer (Data Protection Impact Assessments (DPIAs) | EX227)
- GDPR Explorer (Privacy and Lawful Bases | EX228)
- GDPR Explorer (Data Breaches (Part 1) | EX229(1))
- GDPR Explorer (Data Breaches (Part 2) | EX229(2))
- GDPR Awareness (ID: GA217KT–EVE | EU)
- Infosec Explorer: New Starter Essentials (ID: EX221A | Global)
- GDPR Scenarios (Data Subject Access Requests (DSARs) | SC230)
Note: These lessons are currently available on the Go1 Content Hub. You can create a private course and import these lessons to form one programme (and version these, per team, according to different needs). Alternatively, you can purchase these perpetually (to give you edit access). We’ve linked the vimeo demos to the above tags, if you want a quick look now.
Data protection training must be part of your DNA
As an employee, the first UK data protection training I did was in 1998. It was a three-day course run by a specialist legal trainer (alongside expert witness training). I found the session fascinating, and the focus part on Subject Access Requests (SARs) and court orders was beyond helpful. Without this, I could not have operated as a senior police liaison officer at the age of 22 – processing court orders, compiling witness statements, submitting SARs and making redactions. I would have, without doubt, been completely lost!
Your staff know you're serious about protecting data, and so do your customers, when your compliance approach shines. Capable, equipped staff get to know your policies, are scheduled ongoing training and process data in a consistent, compliant way. E-learning is a stepping stone on this journey.
For those who are new to Frisk Lessons, you can find out more by checking our company presentation and demo vimeo channel. We're always keen to receive customer feedback on Frisk content. Try it out and please leave us some feedback. Free limited trials are available for your entire organisation. For more information email: email@example.com
The Content in Frisk Insights is for general information purposes; as a demonstration of Frisk’s Training Materials; and not intended to cover any specific topic in full. This Content, and information, opinions or assistance provided by Frisk and/or its representatives (including in any Content (such as blogs, email, e-courses, vimeo demos, LinkedIn insights or articles), made available by Frisk, Training Materials or Commissioned Deliverables or as part of any Services) should not, therefore, be relied upon or construed to be: legal, security, regulatory, tax or other professional advice. The Content is provided “as is” and, to the fullest extent permitted by law, Frisk: disclaims all liability arising from its use; makes the Content available without representations, warranties or guarantees (whether express or implied); and can not confirm that the Content is accurate, up to date, complete or error free. You must always seek independent and professional advice that is applicable to your circumstances, and do this before using the Content.
This Content is the intellectual property of Frisk Online Limited, UK company number 06534650 (“Frisk”) and Frisk reserves all rights (existing anywhere in the world) in respect of the Content. For more information, visit Frisk's terms: https://www.frisk-online.com/policies/terms-of-service
© 2023 Frisk Online Limited. All rights reserved.