Processes and procedures will only do part of the job

Why your data protection strategy will fail if you don’t get the people on board

Dealing with safeguarding personal information and data is challenging enough, but the difficulties presented during 2020 mean that data protection officers have had to manage their organisations’ privacy obligations while their workforce is in multiple locations. Additionally, the continuing uncertainty caused by Brexit and what it means for GDPR, means that navigating the data privacy landscape is arguably now more complex than ever.

However, while having the right processes and procedures in place are undoubtedly critical in laying a solid foundation for data protection alignment, if you don’t have your people on board, then the data protection strategy won’t work. Our recent guide – Data Protection Made Easy – outlines the six steps we take our clients through to help them implement a successful data privacy strategy. At the heart of this is embedding a positive data protection culture throughout an organisation.

That said, we know – particularly at the moment – that this is easier said than done, especially where large parts of the UK workforce are still working from home, or in disparate locations. We have written before about how to overcome ‘GDPR apathy’ and, while tactics such as hosting briefings, workshops and onboarding meetings are now likely to be done remotely, it is still possible to get the importance of data protection on everyone’s radar.

For context, the impact of the restrictions of the past six months have been laid bare in the latest 2020 Outbound Email Data Breaches report from email security firm Egress, which blamed a rise in outbound email - driven by Covid-19 and more people working from home – for an increase in data breaches. Therefore, ensuring your people are aware of your data privacy processes and procedures is more crucial than ever.

So, how do you embed and maintain a positive data protection culture during the current challenging times? We have briefly outlined the six steps we cover in our Data Protection Made Easy guide below:

1. Get The Board on Board - for us, the crucial first step is to build the knowledge and understanding of the senior leadership team to ensure that data protection becomes a shared responsibility across an organisation
2. Share Responsibility - creating ‘Data Protection Champions’ to help with the practical day-to-day implementation of both the current legislation and your internal policies will help to drive cultural change
3. Create a positive data privacy culture - getting the wider business engaged with data protection means it becomes less of a 'burden' and more of an integral part of business operation
4. Understand how the data flows – the Egress report shows that now, more than ever, it is important to have a thorough understanding of how the data flows through your organisation. If you don't know everything about where, when and why data is being shared, and by who, then breaches are more likely to happen
5. Assess which policies and contracts need updating - with Brexit just around the corner, it is important to review existing contracts and policies to ensure they are compliant
6. Embed data protection in your business – our mantra is that data privacy is not a one-time issue, it requires a long-term approach to ensure it is embedded in your business.

By following these six steps, and approaching data protection in a positive way, organisations are more likely to be successful in winning the hearts and minds of their colleagues to embed a long-lasting data protection culture, even in the most challenging of circumstances.

You can download our Data Protection Made Easy Guide here