Data protection and cyber security
We remain firmly committed to the protection of personal data and during 2019 several policies were added, and improvements made to existing processes, to ensure protection. These included awareness campaigns for cyber security and ‘phishing’, further training in GDPR compliance and an audit on our IT infrastructure. This audit has led to the development of a technical improvement plan and the optimisation of data breach procedures. To ensure our employees are aware of their data protection responsibilities, we organised a GDPR training campaign for our European staff. A large majority of the target group (472 employees) received training via an online program ending in a mandatory graded quiz and the acknowledgement of our Data Protection Policy. The training was successfully completed by 97% of the target group.
Technical IT, marketing and HR departments attended in-depth face-to-face workshops delivered by our data protection coordinator as they have increased focus on GDPR in their daily operations.
The effectiveness of training and awareness of GDPR is demonstrated by a significant increase in questions and issues raised by employees. In 2019, over 20 items were reported, compared to five items in 2018. We will continue to increase awareness for cyber security and data protection in 2020.