Question 16
UnclassifiedWhat is the strongest privacy rationale for training employees on acceptable data handling?
Correct answer: B
Explanation
Training is the practical step that turns written rules into daily conduct, so employees know how to handle data in real situations. It also reduces avoidable mistakes, which is a core privacy goal because many breaches come from human error rather than policy gaps.
Why each option is right or wrong
A. Training guarantees there will never be an incident
B. Training helps translate policies into day-to-day behavior and reduces avoidable handling errors
Under the GDPR, controllers must implement appropriate technical and organisational measures, including staff training, to ensure and demonstrate compliance with the data protection principles in Article 5(1) and the security obligation in Article 32(1). In practice, training is the mechanism that converts written handling rules into consistent employee conduct, which directly reduces common human-error incidents such as misdirected disclosures, improper access, or insecure storage—exactly the kinds of avoidable failures privacy programs are designed to prevent.
C. Training removes the need for access controls
D. Training is relevant only for executives