onlinegdprtraining.co.uk

Is GDPR Training a Legal Requirement - Is GDPR Training Mandatory?


GDPR Training - Legal Requirement

GDPR stands for the General Data Protection Regulation, Regulation (EU) 2016/679. It is in force from the 25th May 2018. The GDPR regulation can be viewed on the European Union's EUR-Lex database.

Yes, GDPR training is a legal requirement for organisations, and for individuals engaged in professional or commercial activity, who process the data of individuals within the European Economic Area (EEA), regardless of where the organisation itself is based.

Article 39 of the General Data Protection Regulation (GDPR) mentions that an organisation’s data protection officer needs to ensure awareness-raising and training of staff involved in personal data processing operations, and the related audits.

Article 47 also states that there is a need for ‘appropriate data protection training to personnel having permanent or regular access to personal data.’

Under the heading of ‘Accountability and governance’, the Information Commissioner’s Office (ICO), the UK supervisory authority that will be enforcing GDPR, has previously written on its website that:

‘You must: Implement appropriate technical and organisational measures that ensure and demonstrate that you comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies.’

GDPR training is a legal requirement because it helps to ensure that all staff understand how to process personal data in accordance with the requirements of the GDPR. GDPR training is also vital to help your staff understand people's rights under the GDPR. It also helps them understand what to do if there is a subject access request, a data breach or a request for rectification.

The ICO have also mentioned online that a Data Protection Officer's tasks include advising you about the GDPR, monitoring compliance and training staff. Completing online GDPR training is an efficient way of following this ICO guidance.

Failure to provide GDPR training is a breach of Articles 39 and 47; it is therefore possible to ‘be subject to administrative fines up to 20,000,000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher’ - Article 83 (5)
