GDPR training for a new employee – what must it include?
ANSWER
Initial training should include:
- general information on the GDPR (purposes and principles of personal data processing, with particular emphasis on data minimisation and storage limitation, information on how to fulfil data subjects' rights, controller obligations, the role of the data protection officer, guidance on recognising situations where the GDPR must be borne in mind — especially when a processing agreement or information obligations are required, information on how to recognise personal data breaches, how to prevent breaches, and how to act when a breach occurs),
- security information (rules for setting secure passwords, rules for secure use of email, rules for secure use of computers and other equipment, rules for handling documents).
The aim of the training should be to make the employee aware that protecting personal data is their daily responsibility. The form of training may be flexible, but its delivery must be documented.


