Hut Six Trains Clients in the Art of GDPR Compliance

20 years of technological advancement has come about since the enactment of previous data protection legislation in the UK (Data Protection Act in 1998). An unfortunate side-effect is the fact that personal data has never been more vulnerable. A new data breach is reported almost daily now. The General Data Protection Regulation is one example of a response, and it impacts any organization collecting personal data from any individual located within the EU. It wields fines that dwarf anything the Information Commissioner’s Office previously had at their disposal.

The legislation provides extensive guidelines for how businesses need to change their management practices related to customer data capture, processing and use. Key to the new requirements is the need for staff education on information security, as well as awareness of the latest changes to the data protection laws.

Portfolio company Hut Six is an information security company specializing in cloud-based information security awareness training of this type. The company produces interactive tutorials and real world lessons that inform students of best practices for processing personal data in compliance with GDPR. They measure staff-knowledge baselines and improvements, and provide insight into areas of vulnerability across client organizations.

Key to the new requirements is the need for staff education on information security, as well as awareness of the latest changes to the data protection laws.

Hut Six training programs address the following areas where the GDPR specifically impacts security awareness:

  • —“(b) [The Data Protection Officer must] monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.”

    — Article 39 GDPR Tasks of the Data Protection Officer

  • “(h) [Organizations must provide] the appropriate data protection training to personnel having regular or permanent access to personal data.”

    — Article 47 GDPR Binding Corporate Rules

With human error as the leading cause of data breaches, security awareness has always been at the core of a good information security strategy. GDPR has made security awareness training a much more significant compliance issue, with organizations now obliged to keep their affected staff aware of the current legislation and best practices when handling personal data. Hut Six has created a valuable set of content and services that help with this obligation. For more information, visit

Introduction to the GDPR How Will GDPR Affect My Organization? How Does GDPR Affect Me?
Introduction to Data Protection Law Re-establish Definitions Right to be Informed
Impact and Severity of Fines Accountability Right of Access
Definitions of Key Terms Adequate Data Protection Controls Right to Rectification
Personal Data Lawful Basis for Processing Right to Erasure
Controller vs. Processor Consent Right to Restrict Processing
Examples and Scenarios Legitimate Interests Right to Data Portability
3rd Party Liability Data Minimization Right to Object
Pseudonymization Incident Response and Reporting a Data Breach
Data Storage Transferring Data Outside the EU
Exemptions and Derogations