GDPR – What is true
- The fines are very high;
- They will occur without the organizations realizing, because each citizen is a fiscal;
- They are essential to protect anonymous citizens, with the EU as their provider;
- The new regulation came into force on May 25, 2018.
GDPR – fake news:
- Nobody gets prepared with an exposure training action of 4 to 8 hours to deal with the complexity of the General Regulation of Data Protection (GDPR), because as the people say: “enters by one ear leaves the other”, that is, it is a false idea of learning, since these face-to-face courses do not have evidence or other means to evaluate participants’ knowledge;
- Webinars, much used by computer companies, even when the session is recorded on the computer so that the participant can listen to it several times, does not have training instruments, nor does it allow to evaluate if what the person “learned” is acquired, since there is total absence of simulators or other means of practical learning;
- Workshops should in principle be places of practical learning, but as in most cases in overcrowded rooms, although they have this designation, they are only expository sessions, in which the different speakers explain the GDPR through Power Point, where they present the main points of this Regulation;
- Debates, while a noble way of learning, are mostly covert expository processes, as there are one or several speakers to raise questions for discussion, but due to the exaggerated number of participants in these events, there is not much room for discussion , which is why learning is often illusory, since there is no way to assess knowledge, which is serious in the case of GDPR, since it requires a practical acquisition on how to use the tools essential to the processing, collection and storage of data personal.
In short, the different offers that promise rapid learning in face-to-face format are true fallacies, as they assure organizations that within a few hours it will be possible to learn a vast and complex subject; even if they are people who only need the basic information from the RGPD, since even they need to learn how to manage the data based on their own documents and tools.
There is a paradoxical situation in the application of the GDPR, since there are excellent face-to-face courses, but they require many hours, that is, the employees who work with data have little availability. Even for Data Protection Officers (DPOs), who have an increased responsibility, the problem is no different, since they require training actions with a minimum of 35 to 40 hours, which is almost impossible to attend because they are people who in organizations have, besides these, other types of responsibility.
It is not necessary to “square the circle” to solve the problem of GDPR and DPO, because the solution is ahead of us, through online, interactive, multimedia and responsive courses where it will be possible to learn at our pace, doing it where and when we wish, that is to say, whether we are talking about a basic or very technical learning of data protection, there must always be three essential situations: theoretical learning, acquisition of skills in filling in documents and use of tools or simulators, as well as systems of tests that validate the level of knowledge achieved.
In the introductory GDPR we should have as main objective that the learners be able to describe the whole process, to identify the situations liable to fines and to know how they should solve these problems, through own instruments and how everything should be reported to the competent entities. In the case of DPOs, no professional shall assume responsibility as a Data Protection organization if he or she is not competent to design, organize and control a specific process of the entity that attributed these functions, so you must master all the instruments that only a serious, objective and quality course can offer you, so that you can adapt them to your reality.
Lisbon, 10th July of 2018
António Augusto Fernandes, Ph. D.
Specialist in Educational Sciences