Skip to main content
Hafan

Follow up on non-completion of training

Download options

Contents

Control measure: There is a process to identify and follow up on non-completion or non-attendance of data protection related training.

Risk: If there is no process in place to identify and follow-up when staff miss or fail to complete training, there is an increased risk of personal data breaches and non-compliance with data protection law. 

Ways to meet our expectations:

  • Allocate responsibility for identifying staff who have not completed or attended data protection training, and for ensuring the staff complete it.
  • Implement procedures to ensure that a staff member completes or attends data protection training as soon as possible, if they have failed to do so.
  • Consider removing access to personal information from staff who fail to undergo data protection training. 

Options to consider:

  • Allocate some specific ‘protected’ time for staff to complete training.