GDPR is a Behavioural Change
Having studied for my GDPR awareness certificate last week I now feel informed of the technical aspects of the legislation and how it impacts my marketing work.
However, the technical changes I need to make will only happen if I decide to stop doing certain actions and start doing new things. So the secret to GDPR compliance is my willingness to change my behaviour. GDPR is a behavioural Change Programme but in the majority of organisations it is not being led by Change Practitioners.
Those organisations that will be able to claim compliance after the May 2018 deadline will be those that have supported their staff through the cycle of Behavioural Change.
This starts with creating enough enthusiasm that people are willing to listen to information about what GDPR involves and how things have changed under this new legislation. This is no easy task as legislation about data protection excites very few of us!
Brilliant Change Practitioners are able to communicate in a way that makes the change relevant, useful and valuable to everyone. Help people see how the new rules will give them more chances to talk to their customers. Help them see how the changes will lead to a clearer understanding of the data that already exists in your organisation and where they can find it.
The next step is to ensure everyone has enough of a detailed understanding of what GDPR involves to work out for themselves how they need to change what they do. Be available to answer specific questions. Provide opportunities for colleagues to workshop with others what they think the impact will be and where in their existing processes this impact will occur.
People only change their behaviour if they can decide for themselves what they need to do. The alternative is to give people instructions about what they need to do and then check they are following your demands. However, that means they haven't really thought it through. There is no real ownership. The changes are yours not theirs. As soon as there is no checking up on what they do they are likely to revert back to how they used to work.
To develop the ownership involve as wide a population as possible in the creation of new ways of working. By bringing together people from all over your organisation they can share their insights on the changes they feel are necessary. This will give you a much richer set of changes than you could identify for yourself and those that identified them will have true ownership of them. This means they are more likely to take action because they understand what they need to do as well as from a personal perspective why they need to do them.
As with all Change programmes, it is best to develop an approach, clarifying the desired new ways of working, the new capabilities your organisation will have. This 'vision' is an essential element of change, because the more detail you can define, the easier it is for everyone involved to imagine what good looks like. A powerful description can lead to a compelling, unifying goal.
My advice for GDPR is to get talking, to start the process of describing in increasing detail what effective data management practices look like for your business. If you want guidance on how to manage change, seek out the Change Management Institute in your country, or go to www.change-management-institute.com
Leader of Digital Transformation Programmes globally using the power of Salesforce for Shell - 11x certified
7 年Agreed, we are focusing on GDPR as a change in attitudes to data privacy as well as identifying behaviours which we don't want to see within our business. As much as possible we're framing this in terms of improving customer experience rather than systems changes to fit with regulations - though the threat of fines is a useful stick when we're talking about the implications of not embracing the change!
SAP Project / Cutover Manager | SAP Activate Certified Trainer
7 年Hi Melanie, I am 100% with you it is about behavioral change. Wonder only that majority of the stuff in GDPR is already in force for more than 20 years by EU directive so apparently it hasn't been treated seriously so far. Here I present the thesis that the defined high thresholds for fines are now a kind of trigger that people take it seriously: https://www.dhirubhai.net/feed/update/urn:li:activity:6376397874451873792 Curious about your opinion? Cheers
Achieve your dreams sensitively and realistically with me at your side.
7 年It's very true that the impact of GDPR will be different for each organisation, as they can be as different as we are as individuals. One thing I believe is required for every organisation is a data audit. Only then can an organisation really start to talk about how GDPR will impact them. Only by identifying the purpose of data elements collected can you then identify the change required (that would be from policy right through data architecture to data processing). Having helped a few organisations I can also attest that enforced change is that which is resisted most. Get those discussions moving at a very frank level because the penalty structure is now more inclusive than ever and having people embrace behavioural change is the key to how successful your transition to GDPR will be.
Business Change and Transformation Management Professional: Co-Founder of the Change Management Institute’s Yorkshire Chapter
7 年Thanks Melanie for sharing. GDPR readiness is one of my key change programmes at the moment. A key area of focus for us has been to work with our stakeholders to discuss, understand and agree the required new behaviours. In other words we have raised awareness but most importantly we have started a conversation of change. All the best, Chad