A global insurance company needed to set up a privacy training programme to demonstrate full compliance with Art. 5(2) (the ‘accountability principle’) of the EU General Data Protection Regulation (GDPR).
Have a similar challenge?
This training needed to cover a very wide variety of role-based education, taking into account the variations in local legislation. The client’s staff regularly deal with sensitive personal data and therefore many business processes are, from a privacy perspective, considered to be vulnerable and of high-risk.
How Citihub Consulting Helped
Citihub Consulting was engaged for 6 months to develop a global privacy training programme, including course materials and trainers, and to produce regular privacy awareness communications.
Citihub Consulting’s data privacy consultants delivered:
- Engagement with Privacy Champions (within business and technology operations) to determine privacy training requirements;
- A privacy training approach & plan for high-risk areas;
- Comprehensive recorded web-based training courses covering topics such as Privacy Impact Assessments and Data Subject Requests;
- A series of live training workshops on Data Subject Requests for the global Human Resources team;
- A series of live training courses for business units and country Data Protection Officers;
- A full set of template responses for different types of Data Subject Rights Requests;
- GPDR training tailored to roles within the firm (e.g. Marketing, Compliance, Insurance Broking) and also tailored for EU country-specific privacy legislation;
- A regular privacy awareness communication as well as staff communication and education ‘reminders’ (e.g. posters, notices on intranet).
With input from Citihub Consulting and working collaboratively with the customer, training was created and distributed in line with regulatory requirements.