Has the General Data Protection Regulation (GDPR) really meant your organisation has succeeded in changing its data mindset?
The panic set in. Questions were asked. What are we doing with all the data we collect? Do we need it? Do we have a legitimate interest to keep it? What even is a legitimate interest?
The introduction of the GDPR is a few months behind us now, but can you really say your organisation has succeeded in changing its mindset on how data is handled and treated?
That question is a big one, yet the answer is critical. No matter how much you have invested in identifying where, why and how personal data is stored, the exercise is fruitless in the long term unless you have done the following:
1. Brought about an internal paradigm shift in how data is treated and handled
2. Cleared up any uncertainty in your teams
3. Got your organisation to comprehend the importance of data protection
4. Tackled colleagues’ frustrations relating to the adoption of new ways of working
So why is this important?
Going beyond straight compliance will save you money. Changing the mindsets of your development team is tricky, but by removing or minimising the single biggest aspect that can land you in hot water (personal data), you instantly reduce the risk of falling foul of the law.
Brands take time to build and so does trust. We’ve all seen examples of customer confidence declining rapidly following scandal.
How do we solve this problem?
It’s no mean feat asking your teams to do a 180° turn from collecting as much data as they can syphon from customers to now filtering down everything to its core component. This will often call into question a fundamental part of their role.
When you first heard about the GDPR, what was the one word that popped into your mind? I can bet it wasn’t exciting, fun or thrilling. Uninformed and bored employees are your enemy. Employers must get them behind the importance of the proper collection and handling of personal data.
Incorporating change management will enable effective fostering of an internal change culture. In seeking to implement this, ensure you:
Solidify internal buy-in through change sponsors and cascade down to operational change champions. Organic advocates are your route to success
Recognise that GDPR is not going to be exciting for everyone. Focus on what it will give employees and how it links to the company’s vision. Identify and communicate the link between data protection and the “What’s in it for me?” Most organisations are data dependent so hitting this mark is essential
Address the fear of loss and the drop in confidence across your teams who might have to adopt new systems and ways of working to ensure compliance
Make it personal. Try to connect employees to GDPR through storytelling. Where has it gone wrong for other organisations? What do you want to avoid? Having compelling stories that employees can latch onto will remind them of new ways of working when at their desk. This will be what they remember months after training
Work out what else needs to change across the organisation to reinforce the change. Even with a vision, storytelling and willingness to change, you need to make sure all the doors are open to enable change. Identify how aspects like targets and bonuses can reinforce behaviour change. If you are a salesperson and your bonus or appraisal systems reward old behaviours (that are now non-GDPR compliant), these will need to change. It goes beyond just expecting people to change; the organisation will also need to change to facilitate this
This article was written by Frazer Carroll, Consultant at Alchemmy.