Overcoming GDPR Apathy
We recently announced our partnership with the Arena for Data Protection Professionals (ADPP) for a series of events on how businesses can ‘win over hearts and minds’ when it comes to data privacy, particularly GDPR. We kicked off with the first virtual panel discussion on 19 March, where we shared best practice on how organisations engage with their colleagues, so that GDPR is seen as more of a benefit than a burden.
What became clear is that many DPOs face resistance internally – for many colleagues, the perception is that GDPR is a blocker that stops them from ‘doing their jobs’. During the build-up to its implementation in May 2018, GDPR was everywhere. Since then, though, it is fair to say that a certain amount of apathy towards the regulation has set in, and it has been tricky for many DPOs to keep colleagues engaged.
However, according to law firm DLA Piper’s latest Data Breach Survey, data protection regulators have imposed EUR114 million (approximately USD126 million / GBP97 million) in fines under GDPR for a wide range of infringements, not just for data breaches.
And, in the UK, we have recently seen the ICO issue the first fines under GDPR – the first being Doorstep Dispensaree Ltd, a London-based pharmacy that supplies medicine to care homes, which received a fine of £275,000. This was closely followed by £500,000 for DSG Retail Limited – the operator of Currys PC World and Dixons – after a cyber-attack left its point-of-sale system compromised, resulting in a breach of the personal data of 14 million customers and the theft of 5.6 million payment card details.
This shows that GDPR needs to be taken seriously – as well as the heavy financial impact, the reputational repercussions can be significant.
So, how can DPOs engage their colleagues with GDPR?
- Have a positive approach to data protection
Organisations that approach data protection in a positive way, with a focus on embedding it into a company’s culture, are the most successful when it comes to winning the hearts and minds of their colleagues. A key way to achieve this is to ensure that data protection is not synonymous with ‘bad’ things happening, such as a breach, but to shift the emphasis to why it is important and relevant throughout an organisation. There’s nothing more powerful than showing a colleague how their role is integral to ensuring compliance.
- Regular communication and relevant training
What we often hear is that many DPOs and heads of compliance work in isolation, so being more visible within the organisation will help engage employees. This doesn’t have to be ‘physical’ contact – particularly in the current climate of remote working. It can be regular communication and the implementation of contextualised training (which can be carried out virtually) to ensure colleagues understand how it is relevant to their job and are up-to-date with the latest policies and procedures.
- Implement technological solutions to reduce the ‘burden’
Many organisations still hold considerable amounts of data either physically or on spreadsheets. This can cause a huge headache for both the DPO and any colleagues who are tasked with managing and securing the data. Where possible, moving the data onto an intuitive online platform can hugely relieve the administrative burden. That is one of the main reasons why we developed The Compliance Space – to simplify GDPR alignment and help organisations to effectively manage it.
In this ‘decade of data’, there is an increased focus on trust. A company’s reputation can be significantly damaged if it doesn’t take data protection seriously, so keeping colleagues engaged and informed on their role in helping the organisation achieve GDPR alignment is crucial.
We will be speaking at future ADPP events – for more information visit https://digitalarena.co/events
For more information on The Compliance Space, or to book a demo, contact us at https://www.thecompliancespace.com/book-a-demo