The General Data Protection Regulation (GDPR) is the new privacy law that aims to protect European Union citizens as their data is handled; it will go into effect on May 25th, 2018. Many organizations are scrambling to get up to speed on what this means for business – and with good reason.
GDPR is the most significant legal shake-up in decades, with good reason: the last data protection act was implemented in 1998, and this update is therefore considered long overdue. The new regulations apply not only to organizations located within the European Union (EU) but to all organizations that process or store personal data of data subjects living in the EU. Implementing GDPR is proving to be a large and, to some, seemingly unmanageable process, as many companies, though boasting high levels of security, simply won’t measure up: according to a study by Veritas, 47% of organizations on a global scale have major doubts that they will meet the impending compliance deadline. Yet with the right preparation, there is no need to fear, and we’re here to help! Take a look at what you can do to get started and stay on top of the newest regulation changes.
Being informed is often the hardest but most important part of implementing new processes, and the very first step is for your Learning and Development (L&D) department to understand the implications of GDPR. That means setting up a line of internal communication, which will be crucial moving forward. It’s never too early to start creating awareness. Make use of email campaigns to inform your staff about the upcoming changes that your company is facing and how they will impact them, and to prepare them for the training that will be introduced. By communicating, you can help your employees be cognizant of any misinformation and minimize misunderstandings – both of which may affect the attitude towards GDPR implementation. For example, some might be under the impression that dentists will stop ringing patients to remind them about their appointments or that, due to Brexit, British companies will not have to deal with the newest regulations. Neither is the case! Make sure to start informing your people early on and keep them engaged every step of the way. Not only will this make your transition more efficient, but it will ensure that the right facts and information resonate.
This is a timely opportunity for leadership to evaluate L&D in their company and define its role in the process of GDPR compliance. The Supervisory Authorities are very clear that compliance will involve a review of all “internal data protection policies such as staff training”. This is a perfect occasion for L&D departments and those responsible for company-wide training to introduce or reinforce processes, as well as revamp their existing training. Audits of current data protection training will help establish where new learning and methods can be most effective. For example, say your company lacked Social Learning or Gamification capabilities. This would be a great time to consider how those tools can be used not only to get your employees up to speed with GDPR, but also to pave the way for future learning in the organization.
When changes are driven by a shift in external regulations, it may be more difficult for a business to drive the message home. The purpose of GDPR is to protect the data of your people. In a world where data breaches and large-scale hacks are a constant threat, potential clients and existing customers want to know that their personal information is in safe hands. Think of it (and market it internally) as an opportunity to outline processes to figure out where and how data is used within your organization. Use this time to really analyze the culture of learning in your organization, analyze existing skills and competencies, and make a plan for where you want to be in the future.
We’ve talked about planning and communicating new training – now it’s time for action! One of the suggestions from the GDPR rules is to apply staff training as part of the implementation of the data protection policy. This is because the risk of human error associated with GDPR is high and could become very costly. However, implementing the necessary training is easier said than done, as these days company operations often reach across borders and oceans – business is global! It’s therefore important to make it easy to deploy new training across the entire organization. In addition, keep in mind that content is king! Make sure you’re sharing the right information with the right people at the right time. For ideas on points to focus your content around, take a look at the following resources authored by the UK’s Information Commissioner’s Office:
Preparing for the General Data Protection Regulation: 12 steps to take now
Data Protection Self-Assessment: Getting ready for the GDPR
GDPR is not one-size-fits-all and it is therefore important to adjust training to fit not only your specific company needs, but specific workers as well. Do you have a learning platform in place where you can easily combine various types of content to make it relevant to every learner? Remember that this may not be the only time regulations change. If new rules are added in the future, it’s important that you can easily update training content, as well as add new learning material.
There are many resources at your disposal that will help make this transition easier. Don’t be afraid to reach out for assistance – just be cognizant of the source to make sure you’re truly getting the help you need. While we are not the experts on all things GDPR, we hope these tips will help you get started and motivate you in managing the change process.