By now, dear business leader, you should be well on your way to compliance with data privacy regulations. With GDPR having gone live on the 25th of May this year, and with POPIA around the corner in SA, you shouldn’t be sitting back and relaxing when it comes to privacy. You as a leader should be well aware of the consequences, as well as what needs to be done in order to comply. The trouble is, your staff are likely to not be nearly as concerned as you are with privacy regulation and the part they play.
The fact of the matter is that data privacy compliance is not simply the responsibility of the data protection officer or information officer, it’s a responsibility across the company. And in order for this responsibility to be filtered through, it is of vital importance to hold regular awareness campaigns. These campaigns should educate staff as to what their responsibility is, and most importantly, why it is their responsibility. Your campaigns can take multiple approaches, and will likely be a hybrid of different means.
An effective and visible type of campaign is running a poster campaign; having multiple posters placed throughout the office. Not only does this create awareness among teams and individuals, but it also acts as a form of advertising campaign to visitors in your office: that you as a company take data privacy seriously.
These campaigns are easy to run and take very little effort in distributing, but can you be sure that your staff have read the campaign and taken the information on board? You need to be able to follow up these campaigns with some sort of actionable item. A survey or a quiz can be a great way of garnering input and encouraging participation in such a campaign.
In Person Education and Forums
Possibly the most effective approach is to have training completed in-person with a discussion forum available for people to participate in. In some cases, I have seen companies where there are massive campaigns already running battling with the fact that people still don’t have a full understanding as to what data privacy is. These discussion forums pull people out of their every day firefighting and allow people to ask the questions that they may be too busy to think about in their day to day work.
In line with this in-person education, I offer a keynote talk followed by 20 minutes of Q&A around data privacy. This has proven incredibly valuable to companies in that their teams get to see a very real side of what happens after an identity theft, as well as practical guidance as to why everyone in the company is responsible for data privacy. You can find out more about the talk here. It’s also a great way to get the team together over pizza and a discussion!
I would recommend a blended approach of all three methods, as well as any other methods you may find useful in your context. Some organisations have video based training too, and include their data privacy processes in their induction – a great way to get new team members on board from the start!
Should you wish to discuss any of these campaign types further, or explore different ways of building awareness, please contact me, I’d love to help steer your ship in the dangerous waters of data privacy.