If there is one thing that defines the way that our economy and society are changing, it is data. From open data, like real-time public transport information and government statistics, to the increasing amounts of personal data that we all share as part of our daily connected lives, data has become indispensable to a degree that it never has been before.

An interesting, and sometimes surprising, exercise is to think back to the moment you woke up this morning and note every time you used personal data in a transaction through your day so far. Did you give personal data when buying a train ticket or refilling the fuel-tank on your car? Did you add to your search and advertising profiles when looking for the news headlines? Did you contribute to a marketing profile when you bought your morning coffee? Modern life runs on data.

With so much personal data flying around, it can sometimes be difficult to know how to deal with it as an organisation that processes it. With strong regulation of how personal data can be used, it is important to make sure that data is protected and used in the right way. The only way to do this is to make sure that your staff have the right skills to handle personal data safely.

Few businesses can be unaware that the law on data protection in Europe is being shaken up soon with the General Data Protection Regulation, or GDPR for short. The GDPR brings data protection rules up-to-date and sets out clear and firm rules for what data can be collected and how that data can be used.

A key element of the GDPR is how it defines who is involved in processing data, and therefore, who needs to know how to safely handle personal data. The new rules are broad and mean that more people than before need to have data protection skills. This is even recognised in the GRPR itself, which calls for codes of conduct to be created by organisations such as professional associations, that can, “contribute to the proper application” of the GDPR.

Getting ready for GDPR is a big job. Existing data needs to be audited to make sure that it is being processed in a way that is compliant, and the way that organisations acquire personal data needs to be examined to protect individuals’ private data. But as we can see in other areas of workplace skills, people can’t be expected to just know what to do. How many staff in a marketing department realise that the email lists they manage and some of the online analytics data that they collect as a routine part of their jobs have big implications for data protection?

There are a lot of examples of companies getting it wrong. Data breaches, where personal information like credit card information, social security or ID numbers, and names and addresses are leaked, occur too often. Think back to the leak of the personal data of millions of Americans by a major credit-reference agency in 2017. The consequences for individuals of poor data protection can be severe. But under GDPR, the consequences for organisations can be significant too. High financial penalties await organisations that misuse or fail to protect personal data.

Lots of work is needed to give data protection the priority that it needs to have, but a key element of that will be making sure that everyday workers have the skills and ability to deal with data protection in their workplace, and that means we need a focus on skills for data protection.