top of page
Image by Carlos Muza


The law of May 25, 2018 concerning the GDPR has made training a priority.

On May 25, 2018, the General Data Protection Regulation (GDPR) became a harsh and permanent reality of doing business in the European Union. It doesn't stop at the physical borders of the EU, and it empowers data protection authorities to impose penalties of up to € 20 million, or four percent of an organization's annual revenue, in the event of a data protection breach.

Despite this enormous risk, thousands of businesses have failed to plan and implement GDPR compliance programs or to train their staff. Some don't even know for sure if the GDPR applies to them. This ignorance can cost money, damage reputations and erode the trust of customers, employees, suppliers and partners.

You don't have to be one of these organizations. Use this guide to determine if GDPR applies to you and how to take the first steps towards compliance.

Does GDPR apply to your organization? (Hint: it probably is.)

In addition to this, you will need to know more about it.

The GDPR applies to any organization, anywhere, that collects, holds or processes personal data
originally from the European Union. The sale of goods or services, advertising and marketing or any form of behavior monitoring is the main activity that falls under the GDPR.

It bears repeating because many organizations assume that they are outside the applicable realm of the law: GDPR doesn't care where you are located . For example, it could apply to all of these organizations:

In addition to this, you will need to know more about it.

  • A Canadian online retailer with customers in the EU

  • A Japanese smartphone app with EU users

  • A US cloud service provider that stores data for an EU customer

  • An Indian website that deals with hotel reservations from all over the world.

None of them are based in the EU. They operate in different sectors and yet they are all subject to the GDPR.

Are you?

In addition to this, you will need to know more about it.

GDPR compliance requirements


GDPR has over 100 pages of definitions and requirements. Some of the regulations only apply to certain organizations. However, in general, most organizations that fall under the GDPR may be required to do the following:

  • Appoint a data protection officer (DPD)

  • Explain to customers, precisely and clearly, how their data will be used

  • Obtain the explicit consent of individuals for the collection and use of their personal data

  • Set up an opt-out process

  • Report data breaches within 72 hours of discovery

  • Erase personal information of individuals upon request

  • Train employees in the proper handling of personal information


Compliance with the GDPR encompasses all departments and individuals who touch personal information. Adding a process here and there will not allow your organization to achieve its goal. Data privacy should be part of your operational DNA.

Risk reduction through training

Compliance with the GDPR revolves around the people who process personal data. More than 90% of data protection incidents are committed by employees, according to surveys from IBM, Willis Towers Watson and Verizon. In the new world of GDPR, any data breach is a potential penalty.

The risk associated with the misuse of personal data by a company's employees makes GDPR-related training of significant importance. The GDPR gives data protection authorities the flexibility to reduce financial penalties on organizations that they believe have shown good faith and efforts to comply. Comprehensive training shows good faith effort while reducing the risk of violations caused by human error.


Training should be an important component of any GDPR compliance program. However, it can be difficult to know which of the many training options available on the market will suit your program. As an official training partner of the IAPP, Satom IT & Learning Solutions is here to guide you. We design training tailored to the needs of any business in a precise and economical way. People are your greatest risk from exposure to GDPR penalties. But they are also your greatest asset. It is the training that makes the difference. Let's start building your program together.

bottom of page