How adequate training and reinforcement can help you comply with privacy legislation

In Australia, the Privacy Act 1988, and specifically the Notifiable Data Breaches (NDB) scheme that forms part of that legislation, has organisations working to keep personal data secure. Europe has also introduced its General Data Protection Regulation (GDPR), which affects businesses anywhere in the world that interact with European citizens.

These regulations include the fundamental right that individuals have to know exactly what information organisations have about them. Under the GDPR, individuals can request access to this information at any time in a process known as a data subject access request (DSAR).

To comply with privacy legislation, you must provide people access to all of the information the organisation has about them within 30 days of their request. Private organisations can charge a reasonable fee while government agencies aren’t allowed to charge. Individuals can not only request access to their information, but can also ask for their personal information to be corrected.

When these requests for information come through to an organisation, people are tasked with gathering all the information the organisation holds on an individual. While that may sound simple, there are many moving parts.

Some of the people involved in gathering and verifying this information include:

  • system administrators or owners
  • information architects
  • security officers
  • legal counsel
  • project managers

Each of these people needs to understand their rights and responsibilities under the law so that they can provide the information they’re legally obliged to provide, without divulging information that is supposed to be protected.

As well as being aware of the parameters within which they must work, these people must also have the skills required to undertake the work. This could require some additional training to ensure people are fully equipped to discharge their responsibilities according to the law.

To make sure your people know how to respond to a request for information, it may be advisable to conduct training. This could include:

  • providing an overview of the legislation in simple terms so team members are familiar with it
  • relating the general information in the legislation back to the organisation’s specific circumstances
  • developing a procedure manual that takes team members through the process of providing personal information step-by-step
  • conducting role-play scenarios and ‘secret-shopper’ calls to let team members practise dealing with requests.

By conducting formal training, backed up by regular reminders, you can ensure the people in your business are fully prepared to facilitate your organisation’s compliance with privacy legislation.

It’s also important to remember that people aren’t the only part of the equation. Having the right processes and technology in place to support team members is crucial, and can play a big role in reducing the amount of time it takes to comply with requests for information.

You can read more about how processes, people, and technology can help you comply with privacy legislation in our blog series here.

To find out how Empired can help, contact us today.

Posted by: Doug Baxter, Solution Specialist | 12 July 2018

Tags: Privacy, Security, GDPR, NDB, Privacy legislation, Privacy and compliance
