By Elle Todd, Partner, Digital and Data, at Reed Smith LLP
Readers of this publication are no strangers to the difficulties of engaging their organisations with the delights of GDPR. It isn’t an easy sell and embracing eye rolls and heavy sighs comes with the territory.
A change in tactic and emphasis can be helpful here; one that moves away from a focus on fears and fines to (not fun, let’s not push it), but certainly the various positives GDPR can bring and a deeper understanding of why data compliance is here to stay. Here are some tactics to engage a more positive mindset:
GDPR training sessions are, all too often, notoriously dull and, since this is generally the first introduction for employees to data protection in a business, how this is done can really set the tone for how data compliance issues are perceived and approached. This shouldn’t be seen as a tick-box exercise to demonstrate compliance externally but as a perfect opportunity to do things differently and engage – an up-front investment which will pay dividends many times over.
Setting the seemingly rather strange and opaque obligations of GDPR in the context of history, tech and cultural change can be very helpful here: ‘what links Edward Snowden, Jason Bourne and Facebook like buttons?’ Get individuals thinking about data rights in the world around them – we are all consumers and create huge volumes of data every day so GDPR is not a remote compliance issue. We can all benefit personally from understanding more about it.
Some of the largest tech companies, but also increasingly many start-ups, are really embracing the positive side of GDPR through questioning how they want to be seen in the world of data and making data compliance an embedded part of the brand that everyone can get behind. Think of slogans such as ‘what goes on your iPhone, stays on your iPhone’ for example and how powerful messaging around trust and data minimisation can be. Move away from a focus on policy to the bigger picture of what data means to future success and strategy.
As a ‘one size fits all’ agnostic piece of legislation, the breadth and lack of very prescriptive terms in various areas leaves a lot of room for interpretation. This should be seen as a positive in giving companies the chance to adopt systems and processes that are relevant and work for them and the brand.
It is disappointing how few companies experiment here with creativity in messaging GDPR and data strategy issues internally and externally. Marketing and social media teams should be unleashed on new creative approaches. I still see very few videos, infographics, cartoons or simply engaging text used in privacy policies for example, despite the huge positive impacts those who have made the effort here report. This goes for all ‘UX’ design – the privacy settings and functions should be as much as part of the creative process as the main product experience.
New skills and collaboration
GDPR presents a fantastic opportunity for staff to learn new skills which will remain hot currency in years to come. Embracing and fostering this culture of curiosity and skill development in data, rather than leaving GDPR to a compliance function, is absolutely key to true privacy by design and success. This will in turn aid improved collaboration and innovation.
About the author
Elle Todd is a partner based in London and widely recognised as a leading practitioner in digital and data law. Her clients range from the biggest international household names to disrupters and tech entrepreneurs. She has a deep knowledge of the consumer brands, ecommerce, technology and media sectors in particular, helping clients to navigate compliance and commercial issues in order to innovate and succeed.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/