How to Stop Boring Your Employees: Human-Centred Data Protection Training

There is still too much generic education and training material that may tick a box, but only superficially equips employees with the knowledge and skills they need to understand the actionable steps they need to take in the context of their daily work.

At Purpose and Means we really do focus on the needs of employees (including leadership) and the positive experience they need to have whilst engaging with our materials.

To achieve this, the development and delivery of education and training must be fundamentally human-centred. We use a comprehensive methodology, so we can establish a streamlined framework that prioritises learner engagement and long-term behavioural change.

Discovery #

The process commences with Discovery. Conduct targeted research — surveys, interviews, role analyses — to understand the learners: their existing knowledge, specific pain points, and daily workflows. At the same time, we conduct Context Analysis, encompassing cultural norms, policy frameworks, and technological infrastructure. This dual assessment forms the basis for relevant and impactful training. This initial phase is extremely important.

For example, we helped a MedTech client a few years ago establish a year-long programme where Purpose and Means acted as their “virtual communications and change department.” During Discovery, we identified a number of pain points including data protection-related knowledge gaps with their sales and marketing teams. The sales teams were interacting with hospitals and healthcare professionals but struggled to convey the data protection-related aspects, and the marketing colleagues were not fully aware of the opportunities (and not just constraints) when working around the legal requirements. Generic materials would not have helped either stakeholder group.

Sensory & Narrative Design #

Sensory and Narrative Design is critical. We define clear, human-centred learning objectives that translate laws and regulations into behavioural outcomes and connect data protection and GRC to ethical values. We cultivate a compelling narrative, illustrating the human impact of personal data breaches and emphasising the learners’ role in protecting personal data. We design various engaging learning experiences that cater to diverse learning styles, incorporating visual aids, interactive discussions, simulations, and case studies that will resonate. We then develop high-quality, highly visual, actionable learning materials that are clear, concise, and readily accessible.

Delivery & Refinement #

Delivery and Refinement is crucial for optimising training effectiveness. Prior to implementation, we conduct pilot testing with representative learners, gathering feedback and analysing performance data. We then iterate upon the training design, making necessary adjustments and material updates based on the pilot results. This iterative process ensures the training is continuously refined and tailored to the specific needs of the learners.

Embedding & Long-Term Impact #

Finally, we focus on Embedding and Long-Term Impact. We facilitate education and training with empathy, encouraging open dialogue and active participation. Beyond the sessions, we implement post-training reinforcement strategies: regular communications, accessible resources, ongoing support channels, and periodic refresher sessions. We then work with you to monitor and evaluate the long-term impact of the training on data protection behaviours, incident rates, and company culture.

Does this resonate? Feel free to get in touch to arrange a no obligation call to discuss your communication and change management needs.