Do you have a GDPR-conscious culture?

Building the right capability to comply with the new regulation by next May will take more than building a GDPR team and developing some internal processes. A fundamental shift in the culture and attitude of the whole organisation, with regard to data handling, is required.

We have suggested in our previous thought pieces that the perfect GDPR team should consist of cross-functional individuals with a range of different specialisms. But the big question here is: why not stretch this GDPR awareness across the whole organisation?

Organisation-wide accountability

This isn’t a regulation where a single individual will be held accountable. This is a regulation where a single individual’s actions could hold the whole organisation accountable. This makes the case for instilling an awareness of GDPR across your organisation’s culture, which is probably quite difficult to achieve. One possible solution could be to develop an awareness and training scheme that focuses on the fundamentals of GDPR. By the time the scheme has been completed, all individuals across the organisation should hopefully possess a greater sense of responsibility and accountability.

We have found that businesses are struggling to find the right people to help support their programme. But we challenge this and question whether this is the real issue. We feel that businesses shouldn’t be building capability in small isolated project teams. Instead, as mentioned above, they should be providing sufficient training to all staff to ensure that everyone is accountable and knowledgeable.

Solely focusing on training won’t achieve an organisation’s GDPR objectives. Just as much thought and effort has to be put into the cultural aspects of an organisation. Adopting a GDPR-conscious culture can help your organisation build a number of high-performing teams that are well informed and aware of the impact of the decisions they make regarding personal data. Consequently, they should then understand the effects that this will have on the business’s level of compliance. The key to ensuring your organisation is well equipped for GDPR is making sure it has not just a GDPR policy which no one reads, but a culture of conscious, appropriate decision-making when employees are handling personal data.

There is also an increasing need to have a robust paper shield to protect your business. The first thing the regulator is likely to ask to see is your security policy. Following this, they will ask what training you have provided to your staff. By expanding the knowledge across the business, you are expanding accountability and putting your organisation in a strong position to inform your regulator that everyone in your organisation has undergone sufficient training and education on what GDPR means for the organisation’s data handling processes and procedures. The result: organisation-wide awareness of how to handle data.

By creating a GDPR-conscious culture, you are ensuring that everyone in the business has sufficient knowledge and understanding of GDPR, as well as safeguarding your business from the bottom up and beyond May 2018.

If you want to read more about GDPR, why not check out the findings from our survey on GDPR readiness earlier this year (http://www.ninefeettall.com/gdpr-infographic/)?
