The Need for Data Privacy Training Continues to Grow — Your LMS Can Help

Description tag: Data privacy training is a must for companies that collect customer data. Learn about the latest in data privacy and 3 steps you can take for better training.

Over 120 countries around the world have data laws on the books. But even so, we’re seeing a record number of data breaches in 2020.

For many companies, you’re not only dealing with industry-specific regulations, but data laws, too. The complex web of regulations governing many industries is getting even more complicated, and the liability has never been higher.

You have to abide by the law while running your enterprise. But with new data laws on the books, how do you stay on the right side of the law?

New developments in privacy laws

It’s important to understand new and emerging laws governing data. These laws aren’t industry-specific, which means they have a significant impact on all aspects of your business.

Data protection became a priority for businesses in May of 2018, when the European General Data Protection Regulation (GDPR) went into effect. GDPR was not only far-reaching, but gave teeth to its regulations. Businesses have paid millions in GDPR fines as a result.

The cost of non-compliance is just too high for most companies. Understand which laws are on the books now and what’s coming down the pipeline to better prepare for compliance.


There’s no federal law in the US similar to GDPR, but that hasn’t stopped each state from enacting strict data policies. While the GDPR applied to EU citizens’ data, the California Consumer Privacy Act (CCPA) applies to California users’ data.

Since January 2020, the CCPA requires any business tracking California users’ data to gather consent and limit data access. It’s the most comprehensive data privacy law in the US to date, and if any of your contacts live in California, your pharma company has to follow these regulations.

2. New York’s SHIELD

New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into effect in March of 2020. Like California, this law applies if you use private information from New York residents.

You’re required to have specific administrative, technical, and physical safeguards in place for New York data. The law also allows for penalties up to $5,000 per violation.

3. India’s Personal Data Protection Bill

India introduced the Personal Data Protection Bill in December of 2019. This pending law would create the Data Protection Authority (DPA) to oversee the use, processing, and storage of Indian citizens’ data.

Like the GDPR, you need user consent and proof of consent to use someone’s data. However, it requires businesses to share non personal data to the government and includes strict requirements for transferring data outside of the country.

4. China’s Data Security Law

China is currently drafting legislation for a sweeping Data Security Law governing data collection, storage, processing, use, and access.

The bill would standardize data collection and management by creating inspection standards and certifications. This law would impose steep fines on businesses for breaches as well as private fines on individuals in charge of these businesses.

3 ways to mitigate data liability

No matter where your business is or where your patients live, there’s a good chance you have to follow a combination of international and domestic data privacy rules. With more states and countries adding their own privacy laws, your business has to keep up.

Breaches can still happen even with the best systems and processes. However, you can minimize liability and protect your business with the 3 next steps.

1. Empower people

Your business has a treasure trove of data for both your patients and your employees. Because of data privacy laws, though, you need a very specific reason to collect this data.

Allow people to revoke their consent at any time. You should also document when people ask to delete that data, where the data is stored, how to delete it, and how long the deletion will take.

Some freedom of judgment on the part of your employees can also benefit your organization. Bayer’s US-based data privacy manager Catalina Morales says that all of their worldwide operations must meet the minimum standards that Bayer sets. But she gives staff leeway to modify their SOPs to match stricter regulations that can apply at a local level.

2. Aggregate and encrypt all data

Most pharma businesses aggregate and anonymize their data. This is a great way to stay compliant because you can’t access a single individual’s data.

But what happens if you can’t aggregate data?

In this case, your organization needs to aim for 100% data encryption at all times. Encrypted data protects everyone in the event of a breach, showing hackers unusable data instead of patients’ real information.

3. Invest in data privacy training

Regulations mean nothing if your team doesn’t follow them. Stay compliant by training all employees to follow global data privacy practices with a platform designed to meet privacy standards.

Dokeos helps IT departments train leaders on best practices for data privacy training, as well as the risks of non-compliance. By pairing pharma SOPs with an engaging, effective LMS, Dokeos helps pharmaceutical companies standardize daily workflows that precisely match your governing legislation. The platform is specifically designed to meet users’ privacy requirements, too.

Protect the data, protect yourself

Pharma regulations are becoming even stricter. Data drives pharma profits, but you have to protect that data at all costs. Balance compliance, innovation, and profitability by understanding the latest data regulations from around the world. Keep your team on the same page in an ever-changing future with data privacy training and make violations a thing of the past. Reach out today to learn more about why elearning with Dokeos is the best choice for your team.