GDPR-ositivity
23 March 2018I heard the letters G, D, P and R together for the first time in April 2017 at a Breakfast Briefing that the Business School organised about the DVLA’s digital strategy. After sharing the progress that it has made towards reaching 100% of its services being offered digitally, the DVLA’s Service Manager then turned to some of the unknowns and challenges that lay ahead – challenges such as ‘GDPR’. He then said something along the lines of ‘at this stage, we don’t even know if we’ll be able to contact people to remind them that their licence is about to expire’.
I was shocked by this statement: how on earth could these four letters mean that you weren’t able to remind customers that they needed to renew their licence?! After the event, I immediately Googled GDPR and made a mental note that if I was unaware of this law and its potential implication, lots of other people wouldn’t be aware either, and that I should seek an expert to come and talk to our Business community about it.
The Business School has a great relationship with the law firm Hugh James and so I asked one of its team, Helen Iles (who now has her own consultancy) to deliver a session for us on 27th July 2017 that outlined the requirements of the regulation and what people needed to do, quickly, to make their businesses compliant. You can watch the slides and listen to the recording here. Helen begins at 1.45 mins and over the course of an hour does a fantastic job of explaining everything, far better than I ever could. So for the sake of this blog, I just thought I’d reflect on the three key messages that I took from the session, which give an insight into how Executive Education is approaching the issue.
- That it is perfectly reasonable to contact people on your database if there is a legitimate business requirement to do so. The DVLA therefore surely can contact people to let them know that they need to renew their licence. If I need to discuss a course with a client sponsor who has already confirmed their contract, I can of course do this. I do not have to ask their permission to email them.
- When it comes to marketing and promotional activity however, more care does have to be taken. A ‘business card in a bucket’ competition is a good reference point here. If you ask people to put their business card into a prize draw to win a bottle of champagne, unless you make it explicitly clear that you are asking them to provide their contact details to enter the competition, and enter your marketing database, and have evidence that everyone is aware of both intents, you are in breach of GDPR. As a very external-facing function of the School, this level of ‘commitment to consent’ has many different implications for us. We are now ensuring that the right consent tick boxes are in place on our marketing material and that all of our data is held extremely securely.
- Declaring a data breach is critically important. Failure to do so is what exposes individuals and organisations to the hefty fines. If a breach or inappropriate data share occurs, we must declare it FAST, and drastically limit the damage done.
These are my personal reflections on the session that Helen delivered – you will obviously need to fully explore the implications of GDPR for your own business. However, as a specialist in improvement, I like to look for the positive effects of any such ‘imposed change’ in order to make those changes more palatable. To me, GDPR is affording us the opportunity to think much more carefully about how we communicate with our customers. This is a good thing. We have to be exceptionally clear about our offering and in no way misrepresent what we are asking of them. Trust is an essential part of great relationships with customers and they mustn’t feel that we are stepping over any kind of line with them in terms of how they thought that they were going to talk to us. This is just good business practice – GDPR enshrines this in law.
In terms of reporting data breaches, this is where excellent leadership and positive organisational cultures come into play. To meet the needs of GDPR, employees will need to feel empowered enough and confident enough that they will not face serious, unjustifiable reprisal when putting up their hands to declare a data breach. If we are working within cultures of fear and accusation, the likelihood that people will declare problems is very slim. I must be confident that my team first understands GDPR and then feels able to talk to me openly and quickly about any issues that might arise in the course of work.
There is no doubt that meeting the GDPR is going pose many challenges to business. I am not trying to detract from this fact and I encourage organisations to engage with experts in this area to ensure that they are compliant, but GDPR does pose some opportunities to pursue greatly improved business practice.
One last thought… if you look at GDPR from your own personal perspective as opposed to that of your business, you agree with every single part of it.
Comments
1 comment
Comments are closed.
- Double Meanings
- Ticketing Masterplans
- When will it all end …
- Lifetime Loyalty and Taylor Swift
- Looking at Things Differently
- Networking Noodles
- Addicted to Truth
- Designs on Service Design
- The Multiple Joys of Universal Design
- Hungry Cultures
- Event Lean
- The Traffic Analogy
- Moving on Up
- Rosé Cava Revolution?
- Powerpoint Sneaky Lean
- Writing about Writing
- ChatGPT Response: Exploring the Art of Expression: Unveiling the Magic of Writing in the Style of Sarah Lethbridge
- Help to Grow Coldplay Style
- Caring IS Everything!
- Institutional Flapping
- “Just Do the Next Right Thing”
- Trust Thermoclines
- Organisational Tempo
- The Inaugural Lethbridge Customer Service Awards
- Vaccine Lean – The Dawn of the Water Spider
- The Queen and Lean
- Decisions, Decisions, Decisions
- Peaceful Protest
- Tesla Tales
- Back to Reality!
- Carrots, Sticks and Buckets of Time Tricks
- The Great Pandemic Pause
- Organisational Therapy
- Late Night Wordleing
- Vaccine Lean
- Chief Letters of Complaint Officer
- AMBAZING Accreditation!
- My Big Lean Head
- [Let us] Help [you] to Grow: Management
- The Love Island Blog
- October 2024 (1)
- September 2024 (1)
- July 2024 (2)
- June 2024 (1)
- May 2024 (1)
- March 2024 (1)
- February 2024 (2)
- December 2023 (2)
- October 2023 (2)
- September 2023 (1)
- July 2023 (3)
- June 2023 (1)
- May 2023 (1)
- April 2023 (1)
- March 2023 (1)
- February 2023 (1)
- January 2023 (1)
- November 2022 (1)
- October 2022 (2)
- August 2022 (2)
- July 2022 (1)
- May 2022 (2)
- April 2022 (1)
- February 2022 (1)
- January 2022 (1)
- December 2021 (2)
- November 2021 (1)
- October 2021 (1)
- September 2021 (1)
- August 2021 (1)
- July 2021 (1)
- May 2021 (2)
- April 2021 (1)
- March 2021 (1)
- January 2021 (1)
- December 2020 (1)
- October 2020 (3)
- August 2020 (1)
- June 2020 (2)
- April 2020 (1)
- March 2020 (1)
- February 2020 (1)
- December 2019 (2)
- October 2019 (1)
- September 2019 (1)
- August 2019 (1)
- July 2019 (1)
- June 2019 (1)
- February 2019 (3)
- October 2018 (1)
- September 2018 (1)
- March 2018 (10)
- April 2016 (1)
- January 2015 (3)
- July 2014 (9)
- September 2013 (1)
A kind of good post. All SMEs and large business should be GDPR compliant. GDPR Awareness must be given to the staffs.