# Awareness, Training and Best Practices

Provide role-specific training and general awareness sessions.

**Topics should include:**

- [Data protection law and privacy (Law No 058/2021).](https://www.risa.gov.rw/data-protection-and-privacy-law)
- Secure development lifecycle and secure configuration.
- Phishing awareness and safe handling of sensitive data.
- Incident reporting procedures and personal responsibilities.