GDPR ​- Why your people are the key to GDPR Compliance

Michael Clinch

From May 2018, the EU GDPR ruling mandates that every organisation takes appropriate care of personal data, and that systems and processes all operate in accordance with the new legislation. However, except for the ‘Processors’ and ‘Controllers’ of the data, the 88 page ruling document doesn’t mention anything regarding specific requirements for a typical employee.

This isn’t an omission.  It’s not a pre-requisite of GDPR that employees all understand what the legislation says. Yet without a well-informed employee base, everything you do to prepare for GDPR can very easily be undermined.  Even if you have fully cleansed your data, reviewed and updated your processes and remediated your systems, it only takes one updated process to not be followed, one illicit download to be stored, one ill-thought out marketing campaign to be executed, or one spreadsheet to be sent en-masse, for all of your effort and careful preparations to be undone.  By contrast, even if your processes are somewhat open to interpretation, your systems not fully assessed and your data in need of a formal review, if your people fully understand GDPR and why compliance is critical, then your risk can be almost completely mitigated.
 
It is very easy to overlook the importance of your people when striving for GDPR compliance, but it is really quite straightforward to deliver an effective awareness programme that empowers employees and can mitigate a large chunk of the risk associated with GDPR. A comprehensive GDPR compliance programme that considers the people elements alongside the remediation of systems, processes and data is the most effective way to mitigate GDPR risk.  If your people understand that data is not something to be horded for a rainy day, that CVs should be deleted after the recruitment process is over, and why any process that deals with Personally Identifiable Information must adhere to GDPR guidelines, then you are probably unlikely to encounter significant GDPR issues.

Blog Post Image
  • Data Audits: Thorough assessment of your organisations current databases, records, third party agreements and archives, enabling you to identify where personal data is stored across your network.
  • Intuitive Training: This is provided in a variety of formats, including innovative gamification options.
  • Compliance Readiness Assessments: These provide an indication of the GDPR maturity of your organisation.
  • Roadmap to Compliance: A programme of activities to progress and improve your compliance with GDPR.

We have a track record of managing change and delivering process excellence at some of the UK’s largest companies. We’d love to discuss your GDPR programme with you and provide some more details on our approach to achieving compliance. For more information, or to arrange an initial discussion, please contact [email protected].

Latest blog posts

See all blog posts

Sysdoc CEO awarded Outstanding Alumna of the Oxford Advanced Management and Leadership Programme

Prestigious recognition from the Saïd Business School at Oxford University Desiree Botica, Sysdoc CEO NZ/ AU has been awarded the Outstanding Alumna of the Oxford Advanced Management and Leadership Programme (OAMLP) at the Saïd Business School at Oxford University. The honour recognises Desiree’s exceptional performance as CEO of Sysdoc Australasia, by applying her learnings from the OAMLP into enduring practices. Desiree attended the course in October 2012 and was promoted to Sysdoc CEO in 2016. Since taking up the role, the company has delivered strong growth, in part, by Desiree challenging herself and her team to stretch themselves and deliver to agreed targets and timeframes.

Blog Post Author Image

Thomas Bugler

Why ‘the first rule of fight club’ doesn’t exist for designers at Sysdoc…

In the past, the curtains have always been firmly closed when trying to gaze through agency windows to understand how design teams work and collaborate on projects. A company’s creative processes remained a mystery and the unspoken rule that employees were not to share the ‘fight club’ secret rang true.  At Sysdoc we’ve pulled down the curtain rail, opened the windows and are actively sharing our approach with everyone we know and quite frankly, anybody who’s interested. We’ve been refining our ways of working for many years. Whilst we acknowledge our design process will continue to grow and develop organically, we’re confident that our tried and tested methodologies will continue to add great value to our clients.

Blog Post Author Image

Nik Hannay

PRESS RELEASE: Sysdoc Wins NZ Road Transport Forum Trucking Award

Sysdoc announced today that it has won the ‘Industry Innovation Award’ at the 2018 NZ Road Transport Industry Awards with the ‘Transport Contractor Induction’ module developed for the Fonterra Co‑operative. The Road Transport Industry Awards Dinner was held at the Dunedin Town Hall where it recognised outstanding contributions to the transport industry.

Blog Post Author Image

Jack Gordon