Why is data protection training important?

Posted on Dec 09, 2015


Nowadays, companies have a much greater responsibility to demonstrate compliance when it comes to data protection rules and regulations. Companies and individuals that do not comply face criminal proceedings, fines and serious damage to their reputation.



Everyone responsible for using data must follow strict rules called ‘data protection principles’. All of your staff who are involved in processing personal information – from customer databases to employee records – must have at least a basic understanding of the Data Protection Act 1998. Staff with more specialist roles – for example, those who work in marketing, database management or computer security – may need extra training to cover data protection rules relevant to their job types.

Data privacy and security are a key part of data protection rules, so you need to make sure your staff are aware of their importance. For example, the loss or theft of a USB stick or laptop containing personal information about customers could seriously damage your business' reputation, as well as lead to severe financial penalties.


What should data protection training contain?


A good data protection course should cover the basic principles behind the Data Protection Act 1998. It should simplify definitions of the terms within the Act – and explain key points such as:

  • What is personal data and sensitive personal data?
  • What are data subjects, processors and controllers?
  • What are subject access requests and what should you do when you receive one?
  • Who is the ICO?
  • How do I ensure my website is compliant?
  • How do we collect, update and store data securely?


The eight principles of Data Protection should also be explained.

  1. Personal data shall be processed fairly and within the law.
  2. Personal data can only be held for specific and lawful purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data shall not be kept for longer than is necessary.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational security measures shall be taken against unauthorised access to data. 
  8. Personal data must not be transferred to a country outside the European Union unless that country or territory has similar legislation to the Data Protection Act that protects data.


Just FYI… The flick data protection training course covers all of these points, and much more – we’ve even thrown in lots of additional resources, templates and help guides for you to put what you’ve learned into practice.


What happens when data protection good practice fails?


In October of this year, TalkTalk suffered their third hack in 2015 alone. The first occurred in February, when the company declared that thousands of customers’ details were stolen. Their mobile phone sales site was then targeted in August in what TalkTalk described as ‘a sophisticated and co-ordinated cyber-attack’. Whilst cyber hacks fall more into the realm of Information Security, the data obtained during the hacks was easily accessible to the hackers, which raises the question: when it came to TalkTalk’s data protection, what was missing?


Should the data have been stored differently?


TalkTalk Boss Dido Harding came under fire for saying in an interview that her company had broken no laws by failing to encrypt data. She said that her company's data "wasn't encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing financial information."

Encryption software uses a complex series of embedded mathematical algorithms to protect and encrypt data. This process hides the information stored and prevents any inadvertent access or unauthorised disclosure of data. Since encryption standards are always evolving, it is recommended that data controllers ensure that any solution implemented meets the current standard.

In the case of TalkTalk, encrypting their data would have protected all of their customers' information when the hackers bypassed their security systems and accessed the information.


Want to learn more about data protection?


Data protection isn’t just about keeping the data you process safe. If you have a website for your organisation, you’ll need to be aware of your responsibilities for how to use cookies correctly. It’s easy to think that this doesn’t apply to you because you don’t believe you’ve ‘put cookies’ on your site, whereas in reality, as soon as you’ve installed Google Analytics on your site, there are cookies operating.


For our free quickflick guide on data protection and cookies, and understanding your responsibilities – click here



Flick Learning Ltd

Fargo Studios, 54 Grafton Street, Coventry, West Midlands, CV1 2HW. Copyright 2019 All Rights Reserved. Company No. 09270577