Hi, and welcome back to Course 8, Session 2. We did training in the last one. This one's awareness. Rafa O'Brian here again and it'll be just really interesting to see a little bit of a contrast between training and awareness. Now, I put this slide up roughly within the last section as well, but I think it's important just to understand the difference between training and awareness. We talked about different types of training, where you are trying to fulfill a skills gap. We talked about competency in training and just specific types of training, where individuals have a school gap. But what we didn't necessarily talk about was awareness. We've talked about different training methods and who responds to what training method and how good is that training, and getting the message there, but we need to keep the message there. What I mean, this can take multiple forms. Well, you're going to need some strategy here to actually help get that message across and keep that message across. It depends on your different organization. Some organization send emails rounds, but they can be swiftly ignored. Some people put posters on the wall. They can be swiftly ignored. Some people put up screensavers on computer. They can be ignored as well. Some people say, 'Well, we'll buy you lunch if you come and learn something in a different department, does a presentation on a lunch and learn." All of these corporate communication styles really need to act in constant. At the end of the day, different people will probably respond to different types of messaging. Perhaps in a more salesy or marketing, a focused business, might even be some competition or something you win as a result, that has to focus the mind in a more competitive environment. We've got the training and we've got the awareness, different thing to do as well. The awareness is really about keeping the message there, really keeping the message there, and making sure that once the training has gone out, people don't forget. It doesn't fade away. There's a constant reminders in people's and that needs to be again scheduled to some program. To do that, we're going to probably need some communication strategy. Who we're going to talk to and when and why. Because you might even need to get awareness out to people who aren't just your staff, who aren't just your employees. You might need to make data subjects aware of what you're doing. Your partners aware of what you're doing. Even perhaps the general public aware of what you're doing. About here, you will probably going to need to engage with a communications division or a marketing individually if you've got one and actually think about how effective your messaging is, what topics you want to send messages on and how often and who. Because to me, it might be quite interesting and we'll talk what measuring and monitoring a bit later in the course. But one of the last things we'll talk about is measuring and monitoring. But when we're measuring and monitoring what we do, we have to understand well, where are my weak points? Are we getting a lot of data breaches? Are we getting a lot of access requests? Is the problem that people aren't reporting data breaches? Work out what your problems are and therefore, where you want to focus your messages. Sounds fairly simple and fairly easy. They're probably, yes, actually, where are my problems? What messages do I need to get out? A lot of people get it wrong. A lot of people when they're doing training and this is what computer-based training and awareness methods is actually they think they need to train everyone to be experts in data protection law and they don't. Most people just need to know what they need to know to do their job. They don't need to know about the ins and outs of global data protection laws. What do I need? If I see a document marked X, do I need to do Y or X? What skills do I need to do my job? What strategies do I need to have them play? Or what do I need to think about when I get a customer on the site? Think about what topics it is you specifically need messaging on. Then of course, again, the results of that messaging. How effective is that messaging? What do you want to achieve with that messaging? Is it stopping data breaches? Is it assisting customer complaints? Is it making sure that that training gets reminded to them, so that they remain effective in their jobs? Lots of different full processes around who you're going to communicate to and when and why, and then even how effective that messaging is being. Lots to think about, thereof awareness. Finally, I just wanted to talk a little bit around press and PR. Reputation management. I think reputation management, it becomes very interesting. When things go wrong and we'll talk about when things go wrong in a minute. When we talk about data breaches, we talk about how we actually respond to those data breaches and what we might have pre-prepared. When you have messages pre-prepared, it's great if you've got press statements there waiting, ready to go. But I think it's about more than that and I think this is where we need to sit down in our marketing departments, especially where if we deal with global privacy, you might be using privacy as your marketing messages, as your competitor. Again, I'll point you to worlds organizations, like Apple here, if you type into YouTube, Apple privacy video, or Apple privacy adverts, you'll see that they've really focused their marketing spend on not my phone is better than your phone, but we'll take care of your data, we'll keep you safe, very visceral messages. Perhaps ourselves made for someone might want to take that. Really you might want to talk to our marketing team and say, "Look, why don't we say, don't go to all those other medical companies, they'll sell your data. Come to us. We won't only keep your body safe, but we'll keep your data safe as well." There you go. Not a great tagline, but I'm sure it might be something that for press and PR might be a useful way of selling their services. Might even be a MAC string to your marketing bow if you like. How do you want your business to be perceived? How does the public perceive you? How does the public think that you'll protect them? What messages do you want to get over to the individuals about how you're going to deal with their data? Who do you want to be as a business? What brand identity do you want to give out? Then how is the marketing division going to give those key messages to the key audiences and of course evaluate how good to tell all that messages from across, what hits that has got and how that's changed the perception and has worked in organizations, which do actually have media management departments. They scan the newspapers and scan the media every day and look for negative things and they score that minus. Then they've got on hand almost like these positive stories and they say, if someone's given us minus 2, we will release a plus 3. Try and balance out the media, or at least try and manage the media to give a positive perception of the organization. Of course, the things you're doing in privacy, they have to be a positive message. They're the investment you're putting into managing people's personal data. There's only ever going be a positive message on behalf of your business. Whenever we talk about awareness, I want to make it clear we're not only talking about the awareness of internal staff, but we're also talking about the messaging you give out to your partners and to the general public as well. That's as far as we're going to go on training and awareness. In the next sessions, we're going to be talking is about keeping data safe. A lot of people confuse data protection and information security. But really the next sections, we're going to talk all the way through information security and data breaches.
