GDPR awareness training is an important factor in addressing the regulation. If you have any responsibility for IT or information within your organisation, you can’t fail to have been bombarded by large articles, seminars and cold calls about GDPR over the last 2 years. So, from that starting point, we don’t want to disengage you further: we’ll keep it short and leave out the specifics of GDPR.

There are a number of references to training and awareness in the GDPR:

  • Tasks of the data protection officer – Article 39
  • Binding corporate rules – Article 47
  • Tasks of the board – Article 70

The number 1 security awareness mistake

It is fundamental that everyone in the organisation is aware of their responsibilities. This means different things to different people. Everyone needs to be aware of the expected behaviours for basic data security. Others in specific roles need a greater level of understanding, not just of the basics but of GDPR specifically.

Taking this approach will help you avoid the number 1 security awareness mistake. Additionally, you will reduce the risk of disengaging staff for the rest of your security awareness programme.


If you’ve read our post on creating an awareness strategy, you’ll be familiar with the need to create a plan.

The plan should take into account when to attempt to get new messages out and when to hold off. With this in mind, even though GDPR awareness training is really important, please integrate it with the rest of your plan, even if you need to reschedule other events!

GDPR Awareness Training Weapon of Choice

So, how might you best train all staff in the basics? We believe the answer is engaging training that addresses the required behaviours rather than teaching people to be GDPR experts.

In-depth GDPR training on consent, portability, access requests, etc. can be focussed on the much smaller population who are psychologically invested in understanding the regulation.