IVI Framework Viewer

Staff Awareness

B1

Raise awareness of the need to protect personal data. Provide data protection training for employees.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Staff Awareness at each level of maturity.

1Initial
  • Practice
    Disseminate data protection processes, policies and other relevant information.
    Outcome
    Communication and training on data protection (if any) is ad hoc.
  • Practice
    Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
    Outcome
    Basic data protection awareness is communicated to IT stakeholders and basic training exists within IT.
    Metric
    % employees provided basic data protection awareness training.
  • Practice
    Provide training content in data protection practices and develop knowledge and skills.
    Outcome
    Communications and training are growing a data protection aware culture in IT and some business units.
    Metric
    % employees provided basic data protection awareness training.
2Basic
  • Practice
    Disseminate data protection processes, policies and other relevant information.
    Outcome
    Available communication and training has established a data protection culture organization-wide.
    Metric
    % employees provided basic data protection awareness training.
  • Practice
    Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
    Outcome
    Data protection communication and training are evaluated and regularly improved across the business eco-system.
    Metric
    % business units with data protection champions
  • Practice
    Provide training content in data protection practices and develop knowledge and skills.
    Outcome
    Data protection knowledge maintenance (if any) is ad hoc.
3Intermediate
  • Practice
    Disseminate data protection processes, policies and other relevant information.
    Outcome
    Basic and role specific training on data protection is provided and is up-to-date.
    Metric
    Frequency with which data protection processes and procedures are updated.
  • Practice
    Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
    Outcome
    Intranet data protection information includes FAQ and user forums.
    Metrics
    • Frequency with which data protection processes and procedures are updated.
    • Frequency at which staff are provided refresher or top up training on data protection.
  • Practice
    Provide training content in data protection practices and develop knowledge and skills.
    Outcome
    Lessons learned help improve Intranet data protection information.
    Metrics
    • Frequency with which data protection processes and procedures are updated.
    • Frequency at which staff are provided refresher or top up training on data protection.
4Advanced
  • Practice
    Disseminate data protection processes, policies and other relevant information.
    Outcome
    Lessons learned from across the business ecosystem and society are added periodically to the knowledge database.
    Metric
    # Training material updated from lessons learned.
  • Practice
    Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
    Outcome
    Data protection knowledge maintenance (if any) is ad hoc.
  • Practice
    Provide training content in data protection practices and develop knowledge and skills.
    Outcome
    Basic and role specific training on data protection is provided and is intranet available.
    Metric
    % data protection practices supported by available training.
5Optimized
  • Practice
    Disseminate data protection processes, policies and other relevant information.
    Outcome
    Up-to-date data protection information and training are readily available.
    Metrics
    • % data protection practices supported by available training.
    • # staff provided training on data protection practices.
  • Practice
    Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
    Outcome
    Lessons learned help improve Intranet data protection information.
    Metrics
    • % data protection practices supported by available training.
    • # staff provided training on data protection practices.
  • Practice
    Provide training content in data protection practices and develop knowledge and skills.
    Outcome
    Lessons learned from across the business ecosystem and society are added periodically to the knowledge database.
    Metrics
    • # Lessons learned added per month.
    • # New controls in place from lessons learned.