top of page
  • Writer's pictureEthena Team

Introducing our New Data Protection Training Course

Updated: Oct 28, 2022

Illustration by Megan Ruiz. IG: @Meganroseruiz,

In this article

What is Data Protection Training?

Do your employees need Data Protection Trainin g?

Why should you offer Data Protection Training?

What topics are included in Ethena's Data Protect ion course?

What sets Ethena's Data Protection course apart?

We are excited to introduce our hot-off-the-press Data Protection Training! With several new data protection laws coming into effect in 2023…are you and your employees ready? Preparing for these upcoming changes is like preparing for winter for the first time as an adult. You know it's coming, and you know you need to prepare. But what exactly do you need to do, and when? You may be wondering:

  • Do your employees need Data Protection Training? Or a refresher course?

  • Do you need to update your company policies?

  • Does everyone need to do it?

  • What topics should a Data Protection course cover?

Have no fear, we’ve got you covered. Supporting Legal, HR and Compliance leaders to help train their workforce on relevant laws is what we do. We just so happen to do it with cringe-free, modern compliance training.

What is Data Protection Training?

Data Protection Training is generally designed to teach employees the basics of data privacy and data security, and also educate employees about their roles and responsibilities in processing the personal information they encounter in the workplace (whether it be the personal data of customers, clients, employees, or others).

  • Data protection laws are becoming more prevalent in the U.S., including in states like California, Colorado, Utah, Connecticut, and Virginia. Unlike Harassment Prevention Training however, where state laws outline specific topics that must be covered in training, data protection training requirements often establish a general training requirement, but don’t specify what exactly must be covered.

  • Employees should be trained on their company’s specific policies and procedures related to data protection, but it is also important for employees to understand the basic principles of data privacy and data security as well.

  • The more your employees understand the expectations for the proper handling of personal data, the better. There are countless examples of companies of all shapes and sizes who have been impacted by improper handling of personal data.

What is Data Privacy Training?

Data Protection is more frequently used in countries outside the U.S. and essentially refers to the laws that govern the processing of personal data. In the U.S., it is more common to talk about data privacy training and data security rather than data protection, but they are essentially interchangeable concepts.

Do your employees need Data Protection training?

It depends. Some companies are required by law or contract to provide some or all of their employees data protection training. The International Association of Privacy Professionals (IAPP) gives general guidance on what states will be enacting these laws, and who is exempted or possibly affected.

But regardless of whether your company is required to provide training, it is generally a best practice to educate your workforce on data protection principles, and to teach them how to properly handle personal data in their possession.

Why Should You Offer Data Protection Training?

Regardless of whether your company is subject to data protection laws in the U.S. or abroad, or is otherwise required to provide training to your employees, it is still a good idea to be proactive in your data protection training efforts. It’s kind of like buying a snow shovel to prepare for winter…before the first snowfall is forecasted. Here are three reasons to implement data protection Training now regardless of any specific requirement:

1. Educate employees

Data protection training helps employees understand the legal landscape of data protection both in the U.S. and abroad. It gives you a chance to share your company’s policies and best practices for the proper handling and transmission of personal data. It is also important to tell employees the importance of protecting personal data from any security incident, as well as where to go and what steps to follow in the event of such an incident.

While it can be difficult to ensure that all your employees, including new hires receive their training, Ethena can help. With configurations to recommend Data Protection Training to certain employees, we take this manual administrative work off your plate (ie, we come ready with a snowplow so you don’t have to shovel).

2. Signal you take Data Protection seriously

Implementing data protection training on your own volition is a signal to employees, shareholders, regulators and the public that your company and leadership takes data protection seriously. It helps ensure your company is taking the proper steps to help protect itself from legal and financial risks associated with the mishandling of data.

3. Repetition builds retention

Conducting data protection training refresher courses annually can be a good proactive step to keep data handling best practices top of mind. With Ethena, this can be done easily. Three continuous learning modules are available in the Data Protection content library and are ready for manual assignment. Want to set it and forget it? Enroll your learners in recurring continuous learning to receive two short trainings automatically throughout the year.

What topics are included in Ethena’s Data Protection course?

With Ethena, we’ve got you covered. Our Data Protection course covers the below topics, and we still have more add-on microlessons in the works!

​Course Section



Core Curriculum Module

25-30 minutes

  • ​Data Protection Introduction

  • Privacy Basics

  • Data Security Basics

  • Data Protection Legal Landscape

  • Phishing

Optional Continuous Learning Microlessons

3-7 minutes

Role Specific:

  • Data Protection & Sales

  • Data Protection & Marketing

  • Data Protection, PHI, and HIPAA

What sets Ethena’s Data Protection course apart?

At Ethena, we’re committed to compliance training that changes workplaces. We were founded on the principle of not making mere “check-the-box” compliance training. So let’s dive into what sets Ethena’s Data Protection course apart.

1. Role-Specific Data Protection Training

Certain departments are more likely to handle personal data than others. And so we’ve developed training modules that are more tailored to their specific job duties.

Data Protection & Sales

This course goes into best practices for properly sourcing and storing business contact data, as well as outreach requirements, data minimization, and storage limits. Additionally, it covers sales best practices as actionable takeaways, like screening against “do not call” registers before telephone marketing, and including opt-out links in email marketing – to name a few.

Data Protection & Marketing

For our marketing course, we also cover topics like the Telephone Consumer Protection Act, email marketing laws, cookie-based marketing, and other topics. The actionable takeaways from this course cover marketing best practices such as checking local opt-in requirements for email marketing, creating and maintaining marketing suppression lists, and more.

2. Short modules that keep employees engaged

Ethena has been long committed to delivering content in innovative mediums to help employees learn. In our new Data Protection course, we’ve broken the topics into short modules that are designed to keep employees engaged. We’ve added multimedia components along with a new storytelling format that we’ve never done before. This course curriculum is the first of its kind where the illustrations follow a narrative story throughout each module that an employee can follow, helping them retain and stay engaged with the training content longer.

Illustration by Megan Ruiz. IG: @Meganroseruiz,

3. Realistic workplace scenarios

Preparing your employees for realistic workplace scenarios is where Ethena shines. No more dramatic black and white situations where the answer is obvious in training, but is not so obvious in a workplace setting. We believe the “gray area” situations need to be addressed, and your employees need to know best practices for handling these situations when they arise. Our inclusion-first lens to training makes sure to include a diversity of character names and character types, allowing for modern workplace scenarios to be truly relevant and relatable to today’s teams.

4. CCPA and CPRA training to come

We are currently working hard at developing a microlesson on how to handle job and applicant data for companies subject to the CCPA (C​​alifornia Consumer Privacy Act) as amended by the CPRA (California Privacy Rights Act). The CCPA exemptions related to workforce data are set to expire with the onset of the CPRA in 2023, and we want to help ensure that you are equipped to handle the new requirements.

Request a sample training today to see for yourself our dynamic approach to modern compliance training. And if you’d like to learn more about configurable Data Protection Training for your company, let’s talk. We might be a good fit!

Stats to prove it.

Latham & Watkins wrote about our unique and effective approach to harassment prevention. It’s less boring than it sounds!

“ (1).png

A company using Ethena could reasonably expect to face fewer enforcement actions and to be less vulnerable to liability for sexual harassment."

bottom of page