How to Train Your Staff for GDPR Compliance

We have less than three weeks until GDPR comes into effect, and yet far too many businesses in the UK are unprepared. A January survey from the London Chamber of Commerce reported that a quarter of London business decision-makers are unaware of the new regulation, and “just 16% say their business is already prepared for it.”

And even if a business leader is aware of GDPR and its importance, a larger number of regular employees are unaware of how GDPR will impact their jobs or what they will be doing differently. Fixing that requires training. Given the massive financial consequences of violating GDPR, businesses must begin training their staff as soon as possible to stay in compliance. Here are some key tips for how to train employees and what they should be aware of.

  1. What is GDPR?

As noted above, a substantial percentage, if not a majority, of UK employees have never heard of GDPR. The first step in training should be to inform employees of GDPR and what it entails.

Some employees will inevitably grouse about having to adapt to a new, supposedly foreign regulation, which will make them less interested in adhering to new data protection policies. Your aim should thus be to talk about the benefits of GDPR and the consequences of not complying. GDPR will help make sure customer data is safe and enshrine the right to be forgotten. It will also benefit businesses in the long run by forcing them to pay more attention to data protection, which has become increasingly important given how much data companies store carelessly. And if employees do not comply with the regulation, it can lead to major fines and consequences both for the business and themselves.

Becoming GDPR-compliant in the next few weeks can be a challenge which requires motivation from everyone. Explaining what GDPR cookie consent is and how it will benefit the world will help motivate employees to comply. Also encourage employees to check out the EU GDPR Portal to learn more.

  2. Different Employees, Different Responsibilities

The different sectors in your business will be affected by GDPR differently. Marketing professionals have to be more careful about what data they collect. IT teams have to better organize their data so that customers can access their personal data in a timely manner. And everyone must be aware of data breaches and how to prevent and mitigate them.

When it comes to employee training in general, trainers must make sure that trainees understand how said training applies to their everyday work or they will promptly forget all of it. This applies to GDPR training.

GDPR training is fundamentally about data protection, and your business should already have some data protection policies in place. Compare those old policies with the new policies which your business is implementing to stay GDPR-compliant, and explicitly describe what employees have to do differently. If you keep things clear, simple, and relevant to employees’ day-to-day lives, they will be able to understand what you actually want from them.

  3. Conduct Drills

GDPR requires businesses to report data breaches within 72 hours, and to inform those whose data was stolen. But the aftermath of a data breach can be a chaotic affair, with IT and different departments scrambling to figure out what was stolen, what the response should be, and who should be contacted.

Consequently, businesses should conduct simulated data breach drills so that everyone knows exactly what they are supposed to do. These drills can take multiple forms. Some companies can run a tabletop drill where IT and first responders sit at a table and run through exactly what they would do during a data breach. More ambitious companies can run a simulated drill, where IT finds a breach, informs leadership, and everyone gets to work on their assigned duties. An outside third party can watch what is going on and afterwards provide an assessment of how everyone did.

Data Center Knowledge notes that there can be challenges getting every involved party to participate in a live drill. But by conducting these drills, you can know your business is trained to respond according to GDPR demands.

  4. Continue Training

If your business is behind schedule in getting ready for GDPR cookie consent, these next few weeks may be hectic. But once the deadline passes and you are compliant, you may think of taking a breather to focus on other matters.

But it can take only a few mistakes to become either GDPR noncompliant or the victim of a breach. New workers may be brought in who are unaware of GDPR. The GDPR may be updated to deal with additional technological changes. Over time, old employees may slip back into bad habits.

Training thus must be a constant matter even after the deadline. Drills should be conducted once or twice a year, and training presentations should be held just as often. By reminding employees of the importance of GDPR and its benefits, we can create a business environment where everyone is committed to protecting customer data.
