Digital transformation has become essential today for companies that want to take advantage of the potential offered by digital technology to develop their sales. It gives them access to an invaluable amount of data and leads them to manipulate it regularly. Regulations have been put in place to ensure the protection of this professional data in the face of its vulnerability to computer hacking.

This presupposes strict supervision of the use of IT tools in the company and, above all, training of employees in the handling and protection of professional data. So, is it imperative to train company personnel in the use and protection of data? What is the point?


There are 3 main advantages of training your employees in the use of professional data.

To comply with regulations

The training of your employees in the use and protection of computer data is an obligation provided for in the GDPR, which entered into force and which specifies all the provisions relating to data protection in companies.

The obligation is set out in Article 39 of the regulation, which specifies, among other things, the missions of the data protection officer, in particular monitoring compliance with the data controller's obligations to raise awareness among and train the staff who participate in processing operations.

The GDPR does not prescribe any particular training method but expressly provides for this obligation, which leaves you free to choose its form: face-to-face training, online training, inter-establishment training … The main thing is to choose a format that is suited to the people in the company and that fits within its training budget.

Note also that the GDPR does not specify the category of staff who should benefit from this training, but indicates that it is intended for staff who participate in data processing operations. You must therefore ensure that the employees who process the data benefit from the training as they should, in particular the data protection officer, who must be able to demonstrate the necessary knowledge of the law and practices in the field of data protection. Employees in certain key functions that lead them to handle personal data must also be covered by training, in particular employees in human resources, customer service, IT, etc. Likewise, companies whose main activity is to process sensitive data must ensure that their staff receive the appropriate training. These include, for example, insurance, hospitals, clinics, etc. Finally, it is important to specify that data protection awareness must be extended to all staff without distinction of position or department.

To ensure business cybersecurity

GDPR staff training should not be considered only as a legal obligation to be dispatched for the sake of compliance. You should also consider its usefulness for the security of your business.

This allows you to reduce the risk that sensitive data in your company, and by extension the company itself, will be the target of common cyber attacks such as ransomware, malware, data theft, etc.

By making your workforce aware of the importance of protecting professional data, you prevent these risks, while by training them, you ensure that you equip them with the necessary knowledge to deal with risky situations.

A competitive advantage to take into account

Training employees in the GDPR is part of a global approach to bring the company into compliance with regulations: implementation of a resilience strategy relating to cybersecurity, the establishment of a register, the definition of a procedure to be followed in the event of a suspected attack …

This means that the company meets specific standards with regard to the processing of its data and by involving its human resources in the process, it ensures lasting compliance. This is an argument that can have weight in terms of the competition. Indeed, by claiming that your employees are trained in data protection in the performance of their daily tasks, you have an advantage over companies that have not yet taken this step.


Raising employee awareness of data protection no longer concerns only team managers. It must be extended to all staff who handle data or who have access to it on a daily basis in the course of their work.

But how can all of the company’s employees be effectively trained in data protection? Note that although the regulations do not set specific training methods, the CNIL, which is the supervisory authority in matters of data protection, defines the various requirements in terms of the content of employee training.

What should be the content of the training?

The training must allow the achievement of specific objectives, namely: understanding the challenges of the GDPR and its consequences on the operation of the company, mastering the GDPR regulations and securing the handling of personal data, implementing the regulations in the life of the company, and understanding the penalties in the event of a breach of the protection of personal data.

The training methods

Currently, many professionals offer training packages specially designed according to the number of employees and the needs of the company. This is usually one or more face-to-face training sessions provided by data protection professionals. Less flexible companies can opt for online training, which offers the advantage of being able to be deployed on a large scale, and therefore for a significant number of employees. Whatever form of training you choose, you must ensure that it meets the requirements of the CNIL in terms of content, so as to comply with its requirements with regard to data protection in a professional context.
