General Data Protection Regulation (GDPR) training policy
Contents
- Scope
1. Scope
1.1 This policy applies to Uttlesford District Council's training and awareness programme where relevant to the GDPR, compliance with the GDPR and other matters relating to data protection and privacy.
2. Training policy
2.1 Data Protection Officer advises staff as to their data protection responsibilities and promotes awareness of data protection issues through the publication of the Council's policies and procedures on personal data management.
2.2 The Data Protection Officer shall ensure that all staff with day to day responsibilities involving personal data and processing operations and those with permanent or regular access to personal data, demonstrate compliance with the GDPR.
2.3 Members of staff are able to demonstrate competence in their understanding of the GDPR through successful completion of the on-line GDPR training package or alternative training being provided to who do not have access to computer facilities.
2.4 The Data Protection Officer ensures that these members of staff are kept up to date and informed of any issues related to personal data through the circulation of frequent advisory notices and briefings via the UDC intranet and internal communications.
2.5 The Corporate Management Team promote training and awareness programmes and Uttlesford District Council's shall make resources available in order to raise awareness.
2.6 The Data Protection Officer shall demonstrate and communicate to staff the importance of data protection in their role and ensure that they understand how and why personal data is processed in accordance with the Council's policies and procedures.
2.7 The Data Protection Officer ensures that all security requirements related to data protection are demonstrated and communicated to all staff to the same effect.
2.8 Staff are provided with training on processing personal data relevant to their roles and responsibilities and in accordance with the Council's policies and procedures.
2.9 Staff are provided with specific training on any information security requirements and procedures applicable to data protection and the data processing within their individual day to day roles and responsibilities, including reporting personal data breaches.
2.10 Staff are provided with training on dealing with complaints relating to data protection and processing personal data.
2.11 Human Resources (HR) Department retain records of the relevant training undertaken by each person who has this level of responsibility.
2.12 The Data Protection Officer and HR Department are responsible for organising relevant training for all responsible individuals and staff generally and for maintaining records of the attendance of staff at relevant training at appropriate times across the Council's normal business cycle and operations.
Document owner
The Data Protection Officer is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the requirements of the GDPR.
Change history record
New document: (1st publication)
Approval: Simon Pugh (Assistant Director Governance & Legal)
Date of issue: 23 May 2018
Biennial review by DPO to ensure currency and compliance with Data Protection Legislation
Approval: Simon Pugh (Assistant Director Governance & Legal)
Date of issue: June 2020
Share this page
