November’s awareness topic: privacy & GDPR update
Introduction and scope of the module
Privacy is a nebulous concept, with various implications under various circumstances. It includes aspects such as a person’s right to control
personal information about themselves, to restrict its use and onward dissemination or disclosure, and to insist that it is kept accurate and up
-to-date. Most of us value our private spaces and resent others encroaching too close. The increasing use of drones and other surveillance technologies raises privacy and security concerns. Such
matters are well worth discussing.
An obvious privacy concern right now is the imminent GDPR (General Data Protection Regulation), marking a distinct change of approach to
privacy in Europe, with global implications. The race is on to comply with GDPR within the next six months, and ensure that service providers also comply. Awareness is an essential part of the approach.
Our primary concern in this security awareness module is to help workers appreciate and fulfill their obligations under privacy policies,
laws and regulations, mostly by maintaining the confidentiality of personal information in their care. Compliance is not the only driver though: there are also sound business reasons for protecting and
securing personal information, hence the awareness messages for managers draw out the strategic, compliance and business aspects of privacy.
Explore the thinking that went into these awareness materials, and by all means tag-along with us as we develop next month’s module, on the NoticeBored blog.
November’s awareness materials are designed to:
Inform employees about privacy concepts and their compliance obligations;
Explain privacy-related information risks and promote the corresponding controls;
Describe what’s happening in Europe and globally with the GDPR;
Go beyond compliance, particularly for the management audience;
Provide information and motivational content, stimulating people to take privacy seriously.
There are briefings, presentations, quizzes and competitions, checklists, posters and more in the new module, a wealth of creative materials all ready to
use. To get your hands on it, drop us an email. Naturally, we promise to look after your personal information.
Nurturing the corporate security culture through awareness
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic,
governance, compliance and business aspects, particularly in the management stream of course but the principles underpin the general staff and
professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected and legitimately exploited for sound business
reasons - not just for compliance purposes or because we say so! Properly done, information risk management is a business enabler, with security awareness a vital part of the approach.