Step 2. Raise Awareness about GDPR

2. Awareness – GDPR consultant 12 step guide to GDPR compliance

Every day, hundreds of organisations, large and small, fall victim to a cyber-attack, and the reputational, operational and financial cost to businesses is huge. This is why you need to raise awareness of GDPR and its benefits.

of large organisations had a security breach in 2015
of small organisations had a security breach in 2015
of security breaches are preventable
of incidents involve a malicious attack, often reliant on staff negligence or ignorance
of security breaches concerned a negligent contractor or supplier

Average cost to remedy a breach for large organisations

£1.46m - £3.15m

Average cost to remedy a breach for small organisations

£75k - £310k

Most organisations would agree that they are nothing without their people. Yet, typically, businesses focus their cyber security defences on technology and processes, even though your people, and those to whom your business is connected, are your first line of cyber defence.

Your wider staff team will need to be briefed about changes to the way they work under GDPR, particularly if they handle personal data. Staff members who handle personal data are operators of your data processors and will be adhering to the regulation every day. A formal ongoing security awareness training programme is essential, covering GDPR obligations as well as cyber security principles in general.

Educate Your Staff

An effective awareness training programme reduces the chances of your organisation becoming the victim of a cyber-attack or having a data breach. A good security awareness programme should:

Regular training is particularly necessary in organisations with high turnover rates and those that rely heavily on contract or temporary staff. Confirming how well the awareness programme is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.

Changing people’s behaviour requires more than just teaching materials. We provide a Unified Cyber Awareness Platform and the digital tools you need for a 360° cyber security awareness campaign that will drive real and lasting change in the cyber security culture of your people and your organisation.