It’s been one of the most talked about subjects of the past 12 months, not just in HR but throughout the business environment. And now interest – and panic – is heating up even more, as the weekly countdown to GDPR reaches single figures.
Market analysis from the past year paints an interesting picture. Of course, a number of organisations have prepared rigorously for the legislative overhaul, others have tried to enhance their data protection knowledge but are still feeling a little perplexed, and inevitably there are those who are yet to upskill their teams. Earlier this month, an FSB report revealed that fewer than one in ten British businesses are prepared for GDPR, for instance.
At this late stage, retrospectively considering the degree of preparatory work undertaken, is largely an irrelevant exercise. It is far more important to consider what needs to happen next.
A Cascade survey in late 2017 found that HR teams were feeling relatively comfortable with GDPR, with 61% of respondents claiming that their team is somewhat prepared for the upcoming legislative changes. It certainly wasn’t cited as causing as much of a challenge as employee engagement, staff retention, absence management and recruitment.
But even if HR professionals have the knowledge and infrastructure to ensure GDPR compliance, the degree of wider employee know-how must also be assessed.
An article on Financial Reporter stresses why – of the 96 data breach reprimands made available by the ICO in 2017, 11 reportedly related directly to employees.
This emphasises the need for company-wide training. Such a development focus throughout businesses is what will undoubtedly prove crucial to organisations staying on the right side of the law over the coming years.
Accountability therefore needs to be acknowledged by everyone and, in many cases, one-off training will not be enough. We’re certainly working hard to empower HR teams to fuel the knowledge of the entire workforce and use analytics to home in on colleagues who need ongoing support. Our most recently-launched form of support is far from conventional – we’ve partnered with game-based training experts E3 Compliance Training to offer clients an app which incorporates quick-fire questions, role play scenarios and leader boards for the competitive! It’s such a dry and complex subject for individuals to get their heads around, so why not make the learning process a little more engaging and light-hearted? After all people learn much more when they play.
We would hope that the ICO will exhibit a degree of leniency, certainly in the earlier weeks and months following the 25 May D-Day. After all, this legislative movement is extremely significant, which is why it has been made clear that organisations need to be able to at least demonstrate attempts to ensure compliance. But surely the involvement and development of people – irrespective of role – training is key to this.