Launching Serendata Insight
Launching Serendata Insight, choose a data led approach to transformation.
Learn More
Close icon

GDPR ​- Why your people are the key to GDPR Compliance

Michael Clinch

From May 2018, the EU GDPR ruling mandates that every organisation takes appropriate care of personal data, and that systems and processes all operate in accordance with the new legislation. However, except for the ‘Processors’ and ‘Controllers’ of the data, the 88 page ruling document doesn’t mention anything regarding specific requirements for a typical employee.

This isn’t an omission.  It’s not a pre-requisite of GDPR that employees all understand what the legislation says. Yet without a well-informed employee base, everything you do to prepare for GDPR can very easily be undermined.  Even if you have fully cleansed your data, reviewed and updated your processes and remediated your systems, it only takes one updated process to not be followed, one illicit download to be stored, one ill-thought out marketing campaign to be executed, or one spreadsheet to be sent en-masse, for all of your effort and careful preparations to be undone.  By contrast, even if your processes are somewhat open to interpretation, your systems not fully assessed and your data in need of a formal review, if your people fully understand GDPR and why compliance is critical, then your risk can be almost completely mitigated.
 
It is very easy to overlook the importance of your people when striving for GDPR compliance, but it is really quite straightforward to deliver an effective awareness programme that empowers employees and can mitigate a large chunk of the risk associated with GDPR. A comprehensive GDPR compliance programme that considers the people elements alongside the remediation of systems, processes and data is the most effective way to mitigate GDPR risk.  If your people understand that data is not something to be horded for a rainy day, that CVs should be deleted after the recruitment process is over, and why any process that deals with Personally Identifiable Information must adhere to GDPR guidelines, then you are probably unlikely to encounter significant GDPR issues.

Blog Post Image
  • Data Audits: Thorough assessment of your organisations current databases, records, third party agreements and archives, enabling you to identify where personal data is stored across your network.
  • Intuitive Training: This is provided in a variety of formats, including innovative gamification options.
  • Compliance Readiness Assessments: These provide an indication of the GDPR maturity of your organisation.
  • Roadmap to Compliance: A programme of activities to progress and improve your compliance with GDPR.

We have a track record of managing change and delivering process excellence at some of the UK’s largest companies. We’d love to discuss your GDPR programme with you and provide some more details on our approach to achieving compliance. For more information, or to arrange an initial discussion, please contact [email protected].

Latest blog posts

See all blog posts

Sage article: Cloud adoption, why you should work on supporting your employees first

Manufacturers can save time, effort and money through cloud adoption projects. Around one third of UK manufacturers purchased cloud computing services in 2020. Most would have done so to make the most of well-known benefits such as improved productivity, accessibility, reporting and data security, as well as lower operating and IT costs. However, if you’re looking at cloud adoption for your manufacturing firm, it’s really important that your people are a key part of the process. Rather than implementing the changes then informing your employees, they should be involved from the start. Read this article to find out why your employees should play a role during every step of your cloud journey, how to support them, and how to avoid potential pitfalls within your team. After all, you don’t want to get this wrong and pay a hefty price for delays or even lose key people.

Sysdoc

Lessons from Consortium working

An introduction to my experience At the beginning of this year, I started a new project working with a new client and taking on a new role for a large transformation programme. I have worked alongside other consultancies on previous programmes in the past, but this was a first for me, working within a partnership from the offset.

Chloe Lewis

Why Process Excellence is key for a successful ERP Implementation

I have been reflecting on my experiences working on ERP implementation/upgrade programmes whilst also listening and hearing to what others have to say. I think back to these projects and notice everyone was working hectically towards the programme ‘Go – Live’ and were under the impression that once they achieved this Go - Live then we have successfully implemented a new ERP System and our job is complete. I think many people can agree with me that a Go – Live date is just the start of the journey.  We have got to think about the people, culture, education, efficiency in processes and where can we reduce ‘waste’.

Bhavisha Kataria