‘They say that small is beautiful. So, when it comes to embedding complex concepts that have a direct impact on staff behaviour – such as the new General Data Protection Regulation (GDPR) – microlearning has a vital role to play.
Your data is your most valuable asset – your competitors know it, criminals know it and your customers know it. That is why GDPR will enforce every individual’s privacy rights and the transparent disclosure of personal data breaches way beyond the scope of the current Data Protection Act 1998 that it will replace on 25 May 2018.The scale of GDPR is huge. It impacts anyone who handles or processes customer data within an organisation. In financial services that equals pretty much everyone!
In the previous edition of this publication, our partners at financial services training experts, FSTP, explained that HR departments are under increasing pressure to support projects such as GDPR, with their role moving towards providing integral and critical business support. For example, in addition to their ‘day job’, HR departments are being asked complex questions about the data held on employees, and who sees what and when.
Anyone who handles or processes customer data must understand the principles of GDPR and any exemptions that apply;
GDPR is also bound to be a favourite topic on which the regulator will probe firms, and senior managers will need to be able explain a firm’s approach to GDPR and how it fits in to the wider training and competence culture demanded under the Senior Managers and Certification Regime (SMCR).Then there is the due diligence required on third party service suppliers, who might see your data and vice versa, to make sure these interactions do not leave your firm at risk of non-compliance with GDPR. Who leads on that?
FSTP confirmed project work around GDPR is underway. But although most firms’ gap analysis will have mapped the 99 articles and highlighted those affecting them, getting their systems and controls for data management right remains a huge task. After all, while your business may have the systems and controls in place for GDPR, Â unless your people know what’s expected of them, achieving compliance will be difficult. So how are you training them?
The need to knows
Forget your day job for a second; outside of work you too will be a customer of multiple organisations.
When you are speaking to an organisation with which you have a contractual agreement, you will want to know your data is being handled and processed correctly; that the person you are dealing with understands and follows the latest rules and regulations; and that your personal information will be safely guarded. So what will that person need to know to ensure this is the case? Anyone who handles or processes customer data must understand the principles of GDPR and any exemptions that apply; be able to recognise the lawful conditions that can be used to justify processing data; explain your rights under the GDPR, and know what to do in the event of a data breach
These are complex issues, and with the GDPR deadline looming, embedding this knowledge, and even more importantly, new behaviours in your staff and senior managers is critical. After all, under SMCR, set to come into force for a further 52,000 firms next year, senior managers are accountable for the ongoing competence of their staff. Making this information digestible and effective in motivating behavioural change is key and is where microlearning can make all the difference.
Take a bite
The growth in the use of mobile technology in our personal lives has raised expectations around the user experience in the corporate learning environment. Even if a learner is completing training on their desktop at work, the expectation will be that content is bite-sized, engaging, relevant to their role and features a blend of high-quality graphics and video /audio.They want learning activities available at the point of need, accessible from any device, with reinforcement to support behavioural change.
Apply this to GDPR and here’s how might it look..
Begin with a short video to give context and engage the learner, followed by a series of eLearning modules to raise awareness of what they need to do differently under GDPR, and practical case studies and scenarios where learners can apply the new knowledge and see the consequences.
Further interactive eLearning modules focusing on lawful processing and consent and individuals’ rights would follow, before a final assessment to demonstrate understanding. To reinforce the learning and provide the opportunity for refresher training, a summary of the key points helps to embed new behaviours.
All bite-size learning activities organised into one learning pathway, which can be taken at the desktop or via a mobile device and/or an app when and where the individual wishes.
The big picture
The growth in microlearning is all part of a broader shift from ‘push’ to ‘pull’ in terms of learning content, whilst continuing to recognise that with regulatory topics, the organisation must drive the process so learners know what is expected of them. Even the most heavily regulated firms now recognise the key to changing behaviours and embedding a compliant culture is to encourage more informal and flexible learning opportunities. Mobile technologies are the ideal medium for continuous learning and apps can play an effective role in driving engagement given their ubiquity in our every day lives. An interesting point to note at this stage is this more self-directed approach to learning is, by default, encouraging learners to carry out activities in a BYOD environment where they have all their favourite distractions close to hand and other mobile alerts and notifications fighting for attention. Working closely with our games division, Amuzo, has given us a strong focus on making sure our microlearning activities fit with the way people already use their mobile devices, to provide a seductive user experience on a par with their other apps.
For financial services firms, getting GDPR right is business critical and with good reason; a potential fine of up to Euro20m or 4% of worldwide annual turnover of the previous financial year for the severest breaches is a hefty threat, not to mention the reputational damage and loss of customer confidence that comes from damning headlines.
Yet before letting the seriousness of the subject cloud your judgment on how to best train your staff in GDPR, really consider how they want to learn.Of course you will have to maintain some centralised control and give them what they need to know. But leveraging the potential of microlearning, and the personalised, collaborative and informal learning experience it creates, can augment and enhance the traditional learning approaches to everyone’s benefit.