Training – 2nd element of the Accountability Framework

‘Accountability’ is one of the 7 Principles under the GDPR (General Data Protection Regulation). To ensure businesses comply with their accountability obligations, the ICO has now created a framework that breaks down the key elements of accountability in data protection.

As part of an ongoing series of blogs, CVG Solutions will be guiding you through the ICO’s 10 framework categories, taking a closer look at the importance of each aspect and how to adhere to them.


By embracing accountability and implementing effective training plans, you can boost your reputation as an organisation that can be trusted with personal data. Training is essential when it comes to generating awareness around data protection. It’s also a vital part of putting your company’s policies and procedures into practice. To make the training relevant, it needs to be accurate, up to date and in line with the ICO’s regulations.


Training your staff in data protection laws and policies offers some significant benefits to the individual worker and the company as a whole:

  • It enables you to incorporate data protection into your operating processes and embed it into the organisational culture.
  • You can ensure that you are compliant with the laws.
  • You can show proof of the measures taken to comply.


Your organisation needs to have dedicated and knowledgeable resources to deliver the training effectively. Make sure it is comprehensive and for all members of staff, with annual refresher training to keep everyone up-to-date and in the know on company data protection policies and protocols. It’s also good practice to get new starters up to speed as soon as possible, so have them attend induction training within one month of their start date.

Provide additional training for specialist roles such as Accountable Director, DPO, Risk Management and Records Management teams that extends beyond the usual basic training, as they have more responsibilities in this area. It is worth producing a training analysis for staff in these specialist roles and using it to inform the company training plan.

Keep clear records for each member of staff to show who has received training and to what level. You then have evidence to demonstrate that all staff have completed the appropriate training for their role.

Key Areas of Training

Cover the key areas that all staff must be aware of:

  • Subject access request: this is where customers ask what personal information of theirs your organisation holds, where you acquired the data, how you’re using and storing it, and how the customer can exercise their information rights.
  • Data breaches: specifically which incidents need to be reported to the ICO, and how to do so.
  • Records management: The company’s records management policies, risks and protocol.
  • Data sharing: Your organisation’s policies and procedures to ensure all data is stored, managed and shared appropriately.
  • Information security: The company’s organisation and management of secure data.

It is always best to be thorough, so if you would like comprehensive checklists for key training requirements, we would be happy to provide them for you.

Check back for monthly updates and information regarding the ICO Accountability Framework. In December, we’ll be taking a closer look at Transparency. You can also read our first blog in the series on Leadership & Oversight.

CVG Membership

As a brand new addition to CVG Solutions, this November we are launching a membership package, designed to provide GDPR training to meet your training needs no matter your business size.

Sign up for our FREE session on 10th Dec, where you will also find out how you can get £960 worth of membership FREE.

If you require any further help, guidance, information or clarification, you can contact CVG Solutions at, or call us on 01775 660-506. Additionally, you can fill out a digital self-assessment form on the ICO website, here

About the Author

Cristina is recognized as a leader in the GDPR industry and has 25+ years of experience working for large international corporations. During this time Cristina has acquired extensive knowledge and practical application of data protection, risk management and compliance. Cristina uses all of her expertise in helping her clients of all sizes to improve their understanding of the GDPR, how it can strengthen their brand, and how it can support them to drive business growth. Cristina is the creator of the ‘GDPR 3 Stages Maturity Lifecycle’ and of the ‘GDPR Toolkit’. Click here to know more.