The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

All-staff training programme

You have an all-staff data protection and information governance training programme.

Ways to meet our expectations:

  • Your programme incorporates national and sector-specific requirements.
  • Your programme is comprehensive and includes training for all staff on key areas of data protection such as handling requests, data sharing, information security, personal data breaches and records management.
  • You consider the training needs of all staff and use this information to compile the training programme.
  • You assign responsibilities for managing information governance and data protection training across your organisation and you have training plans or strategies in place to meet training needs within agreed time-scales.
  • You have dedicated and trained resources available to deliver training to all staff.
  • You regularly review your programme to ensure that it remains accurate and up to date.
  • Senior management sign off your programme.

Can you answer yes to the following questions?

  • Are you meeting staff training needs effectively?
  • Have your trainers received appropriate training?
  • Are their responsibilities clear and could they explain how you implement their responsibilities in practice?