I am interested in finding out how other organisations cascade data protection awareness to their staff. As organisations face the potential of a £500,000 fine for a data breach or serious and systemic failure regarding data processing that causes harm and distress, it is important that staff know and understand their data protection responsibilities.
After the initial awareness training session, how do you handle the follow up questions that come when staff have questions about applying the awareness in practice?
For example, if you were frequently asked the same or similar data protection questions, then publishing the response would be a way to reduce your workload. You could answer the question once and others could see the answer. Depending on the system used, you could make the responses search friendly so that people could develop their understanding.
The question is how you leverage expertise or knowledge across the organisation when it is required in practice. The ideal solution would be to make every officer a data protection officer, but that would prove impractical in practice.
So, how do you do it?
Do you use a wiki, an internal blog, or just FAQs on an internal webpage?
I can see advantages and constraints from all three approaches.
The wiki allows others to modify the responses and allow follow up questions. In that sense, the process is more interactive. Yet, someone without experience could post incorrect information. This risk can be managed, but it exists.
A blog is more of, but not limited to, a post and response system. There are static posts that cannot be edited by others than the author while allowing follow up questions to drill into the post. There is less risk that incorrect information is communicated.
The FAQ would be static and would not allow for any interaction, but would allow a consistent, if reactive, approach.
Face to face briefings could be done but they would be labour intensive and not reach everyone all the time, which is why the social media platform is of interest.
How does your organiation cascade Data Protection awareness and information? If you have a system are there any drawbacks or mistakes that have taught you valuable lessons and you would want others to avoid.
If you have a success story in a related field, where expertise is requested, such as HR help desk, I would be interested in finding out how it works and whether you would recommend it.