Take a
tour of our
compliance
training

Free 7-Day Trial
100+ Compliance
eLearning Topics

No Credit Card Required*

DATA PRIVACY TRAINING

Why does your company need Data Privacy training? Data Privacy training is about having a say in when and how personal information is collected, used, or disclosed. Companies have a duty to keep their clients’ private information private.

People may not think that Data Privacy affects their daily lives, but every time a person goes online or fills out a form, they give away data about themselves.

Your company has a duty to keep private information private. This includes only using it in the way you've promised, not disclosing it without permission, and destroying it at the appropriate time.

Data Privacy training and policies will ensure that your organization does just that.

Data Privacy is not only an ethical obligation; it's also what the law requires of your company.

Our Data Privacy and GDPR training will help protect you, your colleagues, your customers, and your company from the consequences of a Data Privacy breach and help employees understand the impact of GDPR and what your organization needs to do in order to be compliant.

iPhone, Android, Tablet, and desktop devices – seamless playback and tracking

Easily add your own learning screens to enhance stock content

Single enterprise licence covers your entire workforce, including contractors

Available in 20+ languages, with compliance training resources for local market regulations

TOPIC 1:

WHAT IS DATA PRIVACY TRAINING?


Video: Every time you go online or fill out a form, you give away information about yourself. Keep clients’ information private. Ethical and legal obligation to keep information private.

Interactive Screen: What do data privacy rules apply to? Types of data. Terminology, PII in the US, personal data in Europe. Know the types of data we hold, where data is held, what it’s used for, and the consequences of a breach.

Scenario: Unsolicited calls and mailshots from a marketing company. How did they get information?

Key Learning: Your name, address, and telephone number can all be used to uniquely identify you, as can your login and payment details for retail sites. All this data is classified as PII.

Scenario: The pieces of data that can be used to identify an individual.

Key Learning: It’s important that you know what data qualifies as personally identifiable information and understand how PII can be combined to identify an individual.

TOPIC 2:

PROTECTING DATA


Text & Image Screen: We all have a responsibility to protect the data of our clients and employees. Privacy incidents are often caused by people making simple mistakes out of line with our policies.

Interactive Screen: Principles of data protection: notice and purpose, consent, security and access, disclosure and accountability.

Interactive Screen: Real-life example of how to protect data when working remotely.

Scenario: How to protect PII.

Key Learning: Data must be stored securely and accessed only by authorized users. Policies must be in place to protect the anonymity of those about whom the data is stored.

Scenario: Ensuring security of PII.

Key Learning: When using data outside of its normal intended environment, the data must be anonymized so as to remove any trace of PII by which the customer can be identified.

Scenario: Consequences of a data breach.

Key Learning: Not following principles of proper protection of PII can have huge ramifications.

TOPIC 3:

PROTECTING CONFIDENTIAL INFORMATION


Interactive Screen: Classifying information. Sharing information. Storing data. Disposing of data. Communication.

Interactive Screen: Examples of the precautions to take when handling information.

Interactive Screen: Rules around sharing patient information. Storing patient information.

Data Privacy Training Scenario: Sharing company information with a supplier.

Key Learning: Choosing a classification level to apply to your data is a business decision based on how sensitive the data is. When you classify information and then follow the rules that apply, you help protect our company in the event of a security breach.

Data Privacy Training Scenario: Emailing a report containing confidential data.

Key Learning: Don't disclose confidential information unless you have received prior approval from the appropriate department. Never transmit sensitive or confidential information by any method in an unprotected format – use the encryption software authorized by the IT department.

TOPIC 4:

HIPAA BASICS


Video: Healthcare organizations and professionals are obliged to protect you and the information they hold about you. HIPAA ensures that the use and disclosure of PHI held by medical practices is strictly controlled to protect you.

Interactive Screen: PHI includes any part of your medical record or payment history. Privacy rule. Transaction and Code Set standards. Security rule. Unique Identifiers rule. Enforcement rule.

Interactive Screen: Rules around sharing patient information. Storing patient information.

Scenario: Identify items that are classified as PHI.

Key Learning: PHI is any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual.

Scenario: Rules governing use of PHI.

Key Learning: PHI can be provided without your express written authorization to facilitate treatment, payment, or healthcare operations. Covered entities must follow the correct HIPAA privacy rules or suffer heavy penalties.

TOPIC 5:

PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS


Interactive Screen: Every payment card transaction is protected by strict standards to keep personally identifiable information secure. Consequences of PCI DSS breaches.

Interactive Screen: Payment card dos and don’ts. Know our policies and requirements. Password management. Look out for suspicious activity. Clean house. Keep data inside the building.

Scenario: Investigating credit card fraud.

Key Learning: Gather as much information about a cyberattack as quickly as possible. Apart from any payment card information that may have been stolen, the criminals may have hidden malware on the network.

Scenario: How to limit scale of breaches.

Key Learning: Once customers have provided their credit card details, the responsibility for this data remains with the merchant, who must ensure the integrity of their procedures, processes, and systems at all times.

TOPIC 6:

WORKING WITH THE CLOUD


Interactive Screen: How does cloud computing work? Where is your data, and what laws apply to it? Laws in Europe. Access to data. Encrypting data. Using a secure network.

Scenario: Data Privacy risks associated with moving customer database to the cloud.

Key Learning: Responsibility and accountability always remain with the company, even if the physical location of the data is disputable.

Scenario: Moving data internationally.

Key Learning: Always comply with our policy when sending PII to another country. If in doubt, remove all the PII.

TOPIC 7:

STORING DATA


Interactive Screen: Data life cycle; create, store, use, archive, and destroy.

Scenario: Storing customer bank details.

Key Learning: Organizations and bodies storing bank account details, PHI, Social Security numbers, etc., are legally obliged to categorize this data as restricted use and are responsible for keeping it secure.

Scenario: Elements of an effective data security plan.

Key Learning: All aspects of security should be considered, including physical documents, hardware, and premises.

Scenario: Identifying confidential data.

Key Learning: Failing to secure confidential data could impact on individuals and also damage the reputation of our company.

TOPIC 8:

DISCLOSURES


Interactive Screen: The laws around the information to be provided when handing over PII will vary, depending on your location.

Interactive Screen: Privacy statements and your right to be provided with one before disclosing any PII.

Interactive Screen: Real-life examples of disclosure in action.

Scenario: Identifying PII that should not have been included in a report.

Key Learning: An employer has a duty to their employees to protect PII and not disclose such data.

Scenario: What to do if you mistakenly receive PII.

Key Learning: If you find yourself in possession of PII that you shouldn’t have, notify HR and Legal of the disclosure.

Scenario: What do you need to tell people before you can collect their data?

Key Learning: Customers must be informed of how their data will be used, and that data should only be used in a manner consistent with the purpose for which it was obtained.

TOPIC 9:

WHAT IS THE GENERAL DATA PROTECTION REGULATION?


Interactive Screen: GDPR is an EU regulation aimed at strengthening data protection for EU citizens. Why do we need it? To whom does GDPR apply? Where does the GDPR apply?

Interactive Screen: Rules and enforcement. Consent. Access and complaints. Penalties for noncompliance.

Scenario: Real-life scenario around access to how personal data is used.

Key Learning: The GDPR has introduced important rights for data subjects and obligations for data controllers and processors in the EU and EEA.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 10:

THE GDPR IN ACTION


Interactive Screen: Personal data. Privacy by design and default. Standardized data protection rules. Personal data transferred to countries outside the EU and the EEA.

Interactive Screen: Breach notification. Right of access. Right to be forgotten. Data portability. Right to object.

Scenario: Real-life example around the GDPR's standardized data protection rules covering all EU member states.

Key Learning: The GDPR standardizes European law for data protection, replacing the patchwork of national laws. Having standardized laws also removes the burden on companies of having to consult with local lawyers to ensure local compliance, resulting in cost savings and greater legal certainty.

Scenario: Real-life example around transferring data from the EU to the US.

Key Learning: Personal data can only be transferred if all the data protection principles concerning its collection, processing, and transfer are met. For transfers to countries outside the EU and the EEA, an adequate level of protection must be assured by the third country.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 11:

PRIVACY SHIELD & INTERNATIONAL DATA TRANSFERS


Interactive Screen: Overview of the Privacy Shield Framework. Seven privacy shield principles.

Interactive Screen: Privacy policies. Data collection, use, and monitoring. Processing of personal data for national security reasons by US intelligence agencies. Detecting and reporting data breaches.

Interactive Screen: Key GDPR compliance obligations.

Scenario: Real-life scenario around preparing for certification into the Privacy Shield Framework.

Key Learning: Privacy policy notices. Explicit consent. Rights of data subjects.

Scenario: Real-life scenario around adhering to the requirements of Privacy Shield.

Key Learning: To transfer data outside the EU/EEA, you need to ensure an adequate level of protection. The Privacy Shield Framework for data transfers provides a certification scheme for US companies. It also retains and clarifies some existing transfer mechanisms.

Assessment: Five-question quiz on the content presented in this topic.

 

MORE DATA PRIVACY TRAINING

Data Privacy training rules apply to any information that can be used on its own, or in combination with other clues, information, or context, to identify, contact, or locate an individual.

Different countries use different terms to describe this kind of data. For example, in the US, it’s known as personally identifiable information (PII). In Europe, it’s known as personal data. In the UK, Data Privacy is governed by the Data Protection Act of 1998.

Our Data Privacy training course helps you protect Data Privacy by teaching you the types of data held, where data is held, what it is used for, and the consequences of a Data Privacy breach. If personally identifiable information falls into the wrong hands, it may be possible for criminals to identify an individual and target them for illegal activity.

Data must be stored securely and accessed only by authorized users. Policies and training must be in place to protect the anonymity of those about whom the data is stored.

HIPAA is a piece of legislation that plays a central role in protecting your medical and personal data. The US Health Insurance Portability and Accountability Act ensures that the use and disclosure of PHI held by medical practices is strictly controlled to protect you.

Our Data Privacy training will teach your employees the many different standards governing cross-border movement of personally identifiable information (PII). Some countries require local PII to remain in the country. You must remove PII from documents that may be moving across borders.

In Europe, personal data cannot be transferred outside the EEA, except to certain countries that have been identified as providing adequate protection for the data, or if specific protections have been put in place that are authorized by the data protection authority in that European country.

These rules apply whether your data is on a cloud service or hosted on specific servers in another country. All employees need comprehensive Data Privacy training in order to protect your business and your clients.

The General Data Protection Regulation (GDPR) is an EU regulation aimed at strengthening data protection for EU citizens. It brings significant changes for all organizations doing business in the European Union (EU) or European Economic Area (EEA), regardless of where in the world the organization is physically located. So if you hold or process personal data for any EU citizen, regardless of where you are located and regardless of where the data is located or processed, the GDPR applies to you.

At the heart of the GDPR are core elements relating to consent, right of access, and data use. Protecting the privacy of the data we hold or process is not only our ethical obligation, but also what the law requires of our company. We're relying on you to help ensure we comply with GDPR at all times.
