Remote working, rising cyber-crime and increased data protection regulation mean that it has never been more important to ensure your staff are well-trained. In this Q&A, Philipp v. Bülow of Lawpilots explains what a good training programme should include.
Could you present yourself and Lawpilots?
I’m Philipp von Bülow, the Chief Executive Officer of Lawpilots. I joined the company nearly two years ago after seven years at Jurato, a startup in the legal tech sector that I co-founded in 2013. Lawpilots is a legal tech startup based in Berlin, that was founded in 2017 by two well-known and -regarded data-protection specialists and one e-learning expert. The founding members used to train clients in-person in physical meeting rooms, but soon realized how inefficient that was — and how certifying trainees was prone to error.
Their experience – paired with the knowledge and skills in digitization and content creation of the other founding partners – led to Lawpilots’ founding. We’ve made data protection training sticky and easily-accessible to anyone, even those with no prior knowledge of the law, and can now deliver piece-of-mind to risk-averse management.
What are lawpilots next big challenges in the year to come?
We expect the challenges to be around building trust for digital training channels and certification, as well as producing relevant, legally-compliant training content for our clients.
Further challenges involve expanding our portfolio with additional relevant online training topics for our clients, reinforcing our position in the US market, and developing a new and more powerful LMS (learning management system) platform.
How important is the training of employees in data protection and IT security strategy?
We view regular, recurring GDPR- and CCPA-related training to be the best insurance against data leaks and successful hacker attacks.
Human error is far more likely to cause damage to an organisation than all the best software tools combined. So we have focussed since the beginning on easy-to-consume legal content and a certification process that lets management manage risk better.
Since the beginning of the pandemic, millions of workers have been asked to work from home; does this represent a threat in terms of data protection and cybersecurity?
Potentially this is a real threat to all businesses where a lot of personnel have access to and work regularly with customer/consumer data. It’s the corporations that have to take precautions to data leaks or wrongful handling of sensitive information. Routine acts like printing out information, contracts or customer lists at home can lead to data breaches, and could in turn result in huge damages for the employer.
We therefore recommend that each organisation define certain rules to be respected in the context of the home office, and to raise awareness of the possible data protection and cyber security risks that arise when working from home.
We created two of our newest online training courses — “Working from home“ and “How to deal with Coronavirus” — precisely in order to help companies raise awareness among their employees of the right practices to adopt both in the office and at home.
You also offer a wide range of compliance trainings; could you talk a little about what other problems your courses address?
We want to help companies and their legal departments provide to their teams the essential takeaways from any new regulations that may apply to their daily work. The field of compliance is very broad, but we focus on the employee perspective. What do they need to know in order to do their job without breaking any rules or regulations and without putting their organization at risk? So we’ve developed training courses on anti-corruption, anti-money-laundering, anti-trust, anti-discrimination, trade secrets and conflict-of-interest. Our content covers everything from how to address cases of discrimination in the workplace to the question of which invitations or gifts can be lawfully accepted by an employee.
What are the crucial elements of a compliance training?
The biggest challenge we face when creating a new course is how to convey complex legal topics to the learner in an understandable way, without losing the learner’s attention, and all the while ensuring that what they’ve learned will “stick” over time. Compliance training should always cover all relevant aspects of the law and/or regulations, which our courses do. But what’s even more important in our opinion is to present the content in a realistic context, to show real-life situations in which employees may be confronted with cases of compliance violations.
In summary, compliance training should include:
- a section that defines the key terms to be be used throughout the training;
- practical examples to help contextualize the topic;
- methods of identifying and recognizing potential compliance violations; and
- possible sanctions and/or risks that a company faces if the violations aren’t avoided — or aren’t properly identified and addressed.
What are the biggest challenges you have faced in conveying these complex topics to a wide audience?
First and foremost, reducing the complexity of these topics has been one of the biggest challenges. Everyone from a temp or admin to a CEO needs to understand and appreciate the importance of data protection, and to learn easy steps they can take in order to contribute to an organization’s compliance.
How does Lawpilots ensure that the information contained in the courses is retained and sustained by the trainees over time?
Our training sessions all follow the same seven success principles that we like to call “The Magnificent Seven”
1) Application: Easy to use both for administrators and for course participants, with a maximum training duration of 60 minutes.
2) Variety: Interactive elements convey the content in different ways, resulting in happy and attentive Trainees who retain the principles over time.
3) Choice: If you are not into gamification, the use of the interactive content is optional: learn the necessary concepts however you see fit. Only the dialogue games are an exception: these must be completed by every employee in order to complete the training.
4) Emotion: Learning experiences should be perceived as positive; this facilitates the formation of new synapses, and in turn fosters retention of the material. Our e-learning courses are designed to promote precisely these positive responses, which optimizes learning outcomes.
5) Practical examples: We use practical examples to convey complex legal issues as understandably as possible. Real-life examples help the participant achieve a better understanding of the topic.
6) Storytelling: A coherent narrative — with a plot that the trainee can follow from start to finish — increases participant engagement throughout the duration of the course, while at the same time illustrating complex issues in an easily-digestible way
7) Repetition: We ensure that the most important information is reinforced and tested several times throughout our courses, creating lasting awareness of the topics covered.
As we all know, COVID-19 was a great shock to the world’s economy. How did Lawpilots go through the crisis and what are your expectations for next year?
Well, we consider our company to have been largely spared by the crisis. We are obviously very concerned about the situation, especially for small businesses and cultural institutions. But because our business is based online, we thankfully have not suffered tremendously.
Remember that in-person training is simply not an option for most companies due to current COVID-19 regulations. COVID-19 has even accelerated the process of digitization of the economy, and e-learning is one area that has seen increased interest. So we do expect that the trend will continue to grow, and that e-learning will be increasingly recognized as a valuable training medium. But of course we also sincerely hope that the current situation will come to an end soon.
The largest data protection, privacy and security event of 2020, now available on-demand!
Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.
You can access the content from all four days, by registering for access to our PrivSec Global platform below.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.