Staff Awareness
Raise awareness of the need to protect personal data. Provide data protection training for employees.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Staff Awareness at each level of maturity.
- 1Initial
- Practice
- Disseminate data protection processes, policies and other relevant information.
- Outcome
- Communication and training on data protection (if any) is ad hoc.
- Practice
- Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
- Outcome
- Basic data protection awareness is communicated to IT stakeholders and basic training exists within IT.
- Metric
- % employees provided basic data protection awareness training.
- Practice
- Provide training content in data protection practices and develop knowledge and skills.
- Outcome
- Communications and training are growing a data protection aware culture in IT and some business units.
- Metric
- % employees provided basic data protection awareness training.
- 2Basic
- Practice
- Disseminate data protection processes, policies and other relevant information.
- Outcome
- Available communication and training has established a data protection culture organization-wide.
- Metric
- % employees provided basic data protection awareness training.
- Practice
- Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
- Outcome
- Data protection communication and training are evaluated and regularly improved across the business eco-system.
- Metric
- % business units with data protection champions
- Practice
- Provide training content in data protection practices and develop knowledge and skills.
- Outcome
- Data protection knowledge maintenance (if any) is ad hoc.
- 3Intermediate
- Practice
- Disseminate data protection processes, policies and other relevant information.
- Outcome
- Basic and role specific training on data protection is provided and is up-to-date.
- Metric
- Frequency with which data protection processes and procedures are updated.
- Practice
- Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
- Outcome
- Intranet data protection information includes FAQ and user forums.
- Metrics
- Frequency with which data protection processes and procedures are updated.
- Frequency at which staff are provided refresher or top up training on data protection.
- Practice
- Provide training content in data protection practices and develop knowledge and skills.
- Outcome
- Lessons learned help improve Intranet data protection information.
- Metrics
- Frequency with which data protection processes and procedures are updated.
- Frequency at which staff are provided refresher or top up training on data protection.
- 4Advanced
- Practice
- Disseminate data protection processes, policies and other relevant information.
- Outcome
- Lessons learned from across the business ecosystem and society are added periodically to the knowledge database.
- Metric
- # Training material updated from lessons learned.
- Practice
- Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
- Outcome
- Data protection knowledge maintenance (if any) is ad hoc.
- Practice
- Provide training content in data protection practices and develop knowledge and skills.
- Outcome
- Basic and role specific training on data protection is provided and is intranet available.
- Metric
- % data protection practices supported by available training.
- 5Optimized
- Practice
- Disseminate data protection processes, policies and other relevant information.
- Outcome
- Up-to-date data protection information and training are readily available.
- Metrics
- % data protection practices supported by available training.
- # staff provided training on data protection practices.
- Practice
- Identify impacting changes in the data protection environment and ensure that training provided reflects this for staff.
- Outcome
- Lessons learned help improve Intranet data protection information.
- Metrics
- % data protection practices supported by available training.
- # staff provided training on data protection practices.
- Practice
- Provide training content in data protection practices and develop knowledge and skills.
- Outcome
- Lessons learned from across the business ecosystem and society are added periodically to the knowledge database.
- Metrics
- # Lessons learned added per month.
- # New controls in place from lessons learned.