The ICO exists to empower you through information.

Control measure: Refresher training is sufficiently comprehensive, effective, kept up-to-date and delivered at appropriate intervals.

Risk: Insufficient or out-of-date refresher training substantially increases the risk of a personal data breach. Staff knowledge diminishes in value and effectiveness if staff do not undergo up-to-date refresher training. This may breach UK GDPR articles 5(1)(f) and 32.

Ways to meet our expectations:

  • Include key areas of data protection in refresher training, such as handling requests, data sharing, information security, personal data breaches and records management. 
  • Assign the responsibility to oversee and approve refresher training to the DPO, information governance manager or equivalent.
  • Require staff to complete refresher training at appropriate intervals.
  • Require all grades, including senior managers, to complete refresher training.
  • Deliver refresher training to all staff, including voluntary, temporary and contract staff.
  • Provide alternative refresher training to non-computer-based staff, if the refresher training is primarily computer-based.
  • Document when staff last received refresher training by keeping complete and up-to-date records.
  • Periodically review the refresher training material to ensure it remains up-to-date and fit for purpose.
  • Assess staff understanding of the training using a knowledge check with a minimum pass mark. Support staff who need further training if they consistently do not achieve the minimum pass mark.

Options to consider:

  • Implement a system which notifies staff and managers about upcoming refresher training.
  • Periodically refresh training material to keep staff engaged.
  • Periodically review and change assessment questions.
  • Set a specified timeframe for staff to complete refresher training.
  • Remove access to personal information if staff do not complete refresher training within the specified timeframe.
  • Monitor staff completion rates.
  • Assign responsibility to heads of departments or managers to confirm staff have completed refresher training within a specified timeframe.