Skip to main content

Explore Spark

Explore the scalable platform that can be learned by anyone in 45 mins, and up and running in as little as one day.

Learn more

We’re hiring!

We have exciting new roles available. Join our growing team and begin an unforgettable journey.

Learn more

Looking for something?

Home / Resources / GDPR training: 5 FAQs for Learning & Development

GDPR training: 5 FAQs for Learning & Development


A lot of words have been written about the General Data Protection Regulations (GDPR) ahead of the new laws coming into effect with global impact on 25 May 2018.

But how much of this information is relevant to L&D? And what exactly are the training implications for organisations?

Our FAQs are designed to get to the nitty-gritty of what you need to know. We’ve also got some positive stats for you…

1. Is GDPR training a legal requirement for organisations?

In many cases, yes. In the UK, the Information Commissioner’s Office has produced a checklist for organisations so employers can assess what they need to do and how far down the line they are to being GDPR-ready.

Number 2.5 on the Data Processors’ checklist covers ‘Data Protection by Design’. Part of this ‘design’ includes staff training. Number 2.6 covers training and awareness and asks if your organisation is up to speed in “providing data protection awareness training to all staff”.

This might not necessarily apply to every single employer. However, all organisations must ensure and demonstrate they are taking the necessary measures to comply with the law.  This means implementing staff training, where appropriate.

The bottom line is that your organisation must be GDPR-compliant and this will require your staff to, at the very least, be aware of the rules and how breaches might occur.

2. What’s the best approach to GDPR training? Classroom or online?

The level and type of learning depends on the role of the employee. For those working in high risk roles, a bespoke learning blend is likely to be the best option, and this might well include a mix of face-to-face training and digital learning.  This will give your high risk employees the best chance of developing the knowledge they need to implement GDPR best practice effectively across your organisation.

For all other staff, digital training offers advantages in terms of flexibility, reach and engagement.  This low risk group requires the GDPR basics; so that they are aware of the risks, and have the confidence to raise the alarm to prevent potential breaches.  It’s not practical for this larger group of employees to attend a classroom session, so a digital option makes perfect sense.  An online game, like GDPR – Sorted!, is a good example, providing awareness-level training in a memorable and user-friendly way.     

3. What can you do to make GDPR training interesting for employees?

To embed the learning for key personnel, it needs to be continuous, reinforced and updated when required. It’s about instilling deep knowledge and constantly reinforcing it. But it needs to be engaging, otherwise it’ll just feel like Groundhog Day! A microlearning platform, like Axonify, is ideal as part of the ongoing training, offering short bursts of reinforcement in a way that engages employees.

For all other staff, a game that incorporates challenges and ‘levels’ allows them to practice risk scenarios safely. Social and collaborative learning is also good, allowing your people to help each other – and have some fun along the way.

4. What happens after the 25 May deadline?

If you want to build a culture of GDPR compliance beyond 25 May, then people have to keep learning.  It’s a case of continual reinforcement and updating, which is why agile, adaptable and flexible learning is the key. Clearly, a massive document with hundreds of pages isn’t the answer. Updatable digital learning is, together with face-to-face events such as refresher hubs.

5. Is GDPR training a good thing?

Yes! And not just to ensure compliance. According to research by information experts Veritas, the vast majority are using GDPR as a force for good.

The Veritas report says that employers are looking above and beyond the desire simply to avoid stiff penalties for non-compliance.  GDPR is driving cultural changes, with organisations recognising that compliance makes sense for their credibility and standing.

Among the findings are:

  • 95% see GDPR as a positive thing as it improves data hygiene, builds brand reputation and will generate more insights.
  • 88% plan to motivate changes in employee behaviour to help the workforce be more accountable for GDPR compliance.

If you’ve got a burning question about GDPR, or want to add a specific question to this list of FAQs, get in touch.