Staff data protection training policy
STAFF DATA PROTECTION TRAINING POLICY
This is the staff data protection training policy for GivEnergy.
The General Data Protection Regulation (GDPR) is based around six principles of handling of personal data. Data privacy and security are a key part of the principles. As a business we want to ensure that all our employees are aware of the importance of the rules around data protection.
To that end all employees that handle personal information of individuals must have a basic understanding of the GDPR and other relevant data protection laws. Staff with duties such as computer and internet security, marketing and database management may need specialist training to make them aware of particular data protection requirements in their work area.
Training will include but is not limited topics such as:
- Identifying the different categories of data;
- An understanding of the 6 principles of GDPR;
- An understanding of the lawful bases for processing data under GDRP;
- An awareness of the 8 rights that individuals have;
- Knowing who to contact in relation to data protection queries in your business;
- How to identify and process a Subject Access Request;
- How to identify a data breach for notification purposes and how and when to report this;
- The internal policies and procedures that the business has to comply with the GDPR.
In our business GivEnergy has responsibility for the training and development needs of staff. Carl Pote is also responsible to keep a record of staff training.
Policy Date: 07/01/2021
Policy Review Date: 07/07/2021