GDPR - Why your people are the key to GDPR Compliance

Michael Clinch

From May 2018, the EU GDPR ruling mandates that every organisation takes appropriate care of personal data, and that systems and processes all operate in accordance with the new legislation. However, except for the ‘Processors’ and ‘Controllers’ of the data, the 88-page ruling document doesn’t mention anything regarding specific requirements for a typical employee.

This isn’t an omission. It’s not a prerequisite of GDPR that employees all understand what the legislation says. Yet without a well-informed employee base, everything you do to prepare for GDPR can very easily be undermined. Even if you have fully cleansed your data, reviewed and updated your processes and remediated your systems, it only takes one updated process to not be followed, one illicit download to be stored, one ill-thought-out marketing campaign to be executed, or one spreadsheet to be sent en masse, for all of your effort and careful preparations to be undone. By contrast, even if your processes are somewhat open to interpretation, your systems not fully assessed and your data in need of a formal review, if your people fully understand GDPR and why compliance is critical, then your risk can be almost completely mitigated.
 
It is very easy to overlook the importance of your people when striving for GDPR compliance, but it is really quite straightforward to deliver an effective awareness programme that empowers employees and can mitigate a large chunk of the risk associated with GDPR. A comprehensive GDPR compliance programme that considers the people elements alongside the remediation of systems, processes and data is the most effective way to mitigate GDPR risk. If your people understand that data is not something to be hoarded for a rainy day, that CVs should be deleted after the recruitment process is over, and why any process that deals with Personally Identifiable Information must adhere to GDPR guidelines, then you are probably unlikely to encounter significant GDPR issues.

  • Data Audits: Thorough assessment of your organisation’s current databases, records, third-party agreements and archives, enabling you to identify where personal data is stored across your network.
  • Intuitive Training: This is provided in a variety of formats, including innovative gamification options.
  • Compliance Readiness Assessments: These provide an indication of the GDPR maturity of your organisation.
  • Roadmap to Compliance: A programme of activities to progress and improve your compliance with GDPR.

We have a track record of managing change and delivering process excellence at some of the UK’s largest companies. We’d love to discuss your GDPR programme with you and provide some more details on our approach to achieving compliance. For more information, or to arrange an initial discussion, please contact [email protected].
