Training

Company training is a clear example of how the Data Controller must comply with the accountability principle pursuant to EU Regulation 2016/679: the adequate technical and organizational measures, in fact, cannot fail to include learning, by employees and collaborators who, in the exercise of their activities, are entrusted with personal data, with fundamental concepts of the privacy legislation, essential for a reasoned and concrete application of the principles of the Regulation.
Training must not be seen as a mere formal fulfillment, but requires the active participation of the subjects, being also aimed at focusing attention on concrete company dynamics and the related organizational structure, in order to identify not only from a formal point of view, but also substantial, role and duties of each data processing operator.
Training is therefore an opportunity to analyse any problems relating to the company’s privacy organization and resolve them by aiming at a concrete and proactive application of the law, which involves the entire data processing process, from collection to cancellation. Precisely for these reasons, training does not only include the study of the standard, but also the examination of practical case studies and analysis of business problems similar to that in which the trained collaborators work.