WHY GDPR IS ABOUT CULTURE, NOT BOX-TICKING COMPLIANCE!

Written by Phil Sampson, Sampson hall

25th May has come fast upon us and those wretched letters “GDPR” have haunted us for the last few weeks and months, but many are still seeing their compliance journey as a one-off box ticking exercise (i.e “How can I achieve this as quickly and cheaply as possible?” ). Whilst others believe that a technological solution will suffice and this is therefore a remit of the IT department.

Sadly, both these views are rather deluded and short-sighted approaches as there has never been a greater requirement for you and your people to fundamentally shift how your organisation looks after personal data. The last time the UK looked at personal data regulation was 1998 and data usage and exploitation has developed phenomenally since then. Neither technology nor processes and procedures alone will stop complaints, breaches or data subject access requests. These are the very things that could potentially draw the Information Commissioner’s Office to your door!

GDPR is all about changing attitudes and behaviours towards personal data within and throughout an organisation; it is, therefore, much more about an organisation’s culture than it is about its regulatory procedures or technology. The new processes and procedures act as the catalyst and underpin the transformation that is required within an organisation. The new technology will assist in protecting data, but the fundamental required transformation only comes about when people comprehend “why” it is necessary to change how they do things and how they think. Once they have that they can then ensure that the new processes, procedures and technology are reinforced by the right behaviours.

To find out more, call Sampson Hall on 0844 848 9594 or visit www.sampsonhall.co.uk