Embedding a GDPR-compliant culture

With the introduction of new data protection legislation, a widespread review of data processing and governance was needed at our client, a major publisher.  The outcome was a company-wide targeted remediation programme that achieved compliance for data, systems, processes, and people.

Sysdoc provided experience, tools and approaches to tackle the challenges that GDPR presented.  Processes were reviewed, tracking mechanisms were introduced and GDPR ambassadors established spanning 20 countries.

 

150

Business Ambassadors

Inducted and trained to support GDPR remediation

7,000

People

Informed and educated about GDPR

500

Systems and Applications

Reviewed and remediated

Although the potential fines are often what grabs the headlines, the requirement to comply with GDPR is actually about a lot more than fine avoidance. 

No business can thrive without gaining and maintaining the trust of their customers and business partners.  Complying with GDPR ensures good personal data governance and builds a foundation of trust in all business dealings.  Ensuring data privacy and respecting the rights of data subjects is simply good business practice.

To establish a robust approach, work started by reviewing previous data practices, and assessing where existing knowledge and expertise could be harnessed. Subsequent programme activities could then tackle processes, systems and behavioural change in the context of the legislation.

We know in any change, engagement and involvement is key, and so a group of 150 people formed a body of GDPR Champions and Ambassadors, who following training, were tasked with completing activities to ensure compliance, as well as acting as a knowledge-cascade, and "go-to" point for all things GDPR.

Case Study Image

Tracking and evaluation tools were developed and adopted to prioritise the wealth of tasks before the May 2018 deadline. We started by defining integral processes through review sessions, and with supporting material for their creation these were then documented and publicised to ensure effective and consistent handling of GDPR and data privacy matters.

Remediation activities - work through which existing systems and processes are made compliant - were thorough. Achieving a shift in behaviours was also vital if the improvements were to be sustained. This is now embedded, and personal data is no longer viewed as something to hoard and save, but something with potential risk. It is handled with care and thought.

This project was selected for a showcase at a Management Consultancies Association forum in 2017 to share best practice and help other businesses prepare for GDPR.