GDPR: building a culture of responsibility in summary:
- This blog explores the impact of the General Data Protection Regulation (GDPR) on organisational culture, emphasising the need for a shift towards a culture of responsibility regarding data protection.
- We discuss the importance of employee awareness and training in understanding GDPR requirements and their role in safeguarding personal data.
- We also highlight the benefits of embedding a culture of responsibility throughout the organisation, promoting trust among employees, customers, and stakeholders while mitigating the risk of non-compliance with GDPR regulations.
With the GDPR fast approaching, companies are busy putting the right policies, processes and HR software in place to help manage their data and ensure compliance with the new regulations.
But as any HR professional will tell you, having ‘rules’ in place doesn’t necessarily mean people will follow them, even if the consequences have been clearly explained.
In a recent, fascinating report, Deloitte examines what drives people to take responsibility for doing the right thing, whether that’s in relation to complying with legislation or just going about their job in an ethical, appropriate manner.
Strong relationships, clarity about roles and a sense of being valued by the business came out as key factors influencing employee behaviour. But as the report points out, the digital world we now live in, is making it harder than ever for companies to engender a sense of personal responsibility among their employees.
The rise of remote working and virtual teams, coupled with the effects of globalisation and fast-moving markets, have led to a break-down in the strong working relationships that once characterised the workplace and helped employees understand ‘how we do things around here’.
People are often confused about who they report to, where the boundaries of their constantly shifting job role are and how their work fits into the bigger picture. Information overload is also an issue. With a constant stream of communication, it can be difficult for people to identify what’s important and what applies to them personally.
So, in a changing and confusing world of work (and in an environment where non-compliance with regulations comes with strict penalties), what can HR professionals do to create an environment where people take responsibility for their actions?
Set the tone from the top
The Deloitte report, ‘How leaders can build a culture of responsibility in a digital age’, emphasises the importance of reciprocity in the employer-employee relationship. Research has shown, for example, that employees who feel connected to the business and treated well, are more likely to feel that rules apply to them and will act responsibly.
Conversely, those who feel their leaders don’t have the best interests of the whole company at heart, are likely to lack motivation and may even engage in harmful, toxic behaviour. If organisations want their employees to show commitment and do the right thing, the message that people are valued needs to come from the very top.
Three things to try:
- Town hall meetings – get leaders in front of people on a regular basis so they can reinforce key messages. Make sure those who can’t attend personally can dial in.
- Leadership lunches – organise a series of informal, small-scale lunches where employees can meet leaders face-to-face
- Communication campaigns – use your HR portal, e-newsletters or regular email updates to acknowledge challenges, share knowledge and showcase best practice.
Make responsibilities clear
In fast-moving markets, employees often find their roles altering almost overnight. New teams are formed, reporting lines shift and yesterday’s priorities are today’s old news. It’s hardly surprising that employees often lack clarity about what their goals are, who they need to please and where the buck stops.
Anyone who’s responsible for capturing, processing or sharing data needs to have appropriate training and be absolutely clear about how the new rules will affect their role and where their personal responsibilities lie.
Three things to try:
- Make responsibilities explicit, and ensure that GDPR compliance is a standing item on team meeting agendas and performance reviews
- Encourage managers to have regular informal check-ins with their people so that they can review goals on a regular basis
- Offer for HR to visit team meetings to brief people on how you are managing their data in the context of the GDPR and why it’s important for the business.
Build strong relationships
Collaborative relationships play a vital role in creating environments where people feel a strong sense of personal responsibility. If employees see the colleagues they respect and trust observing the rules, they are more likely to follow suit.
Deloitte’s research has shown, however, that in digital environments, the “societal guardrails” that encourage people to follow the often unspoken rules about the way things get done, are often broken down.
We’re more connected by technology than ever before – but less connected and invested in each other in person. Managers need to help their people build a strong network of relationships both within and across teams, and to create a sense of ‘we’re all in this together’. If people feel connected, they are more likely to invest their energy in a positive direction for the good of their peers and the business as a whole.
Three things to try:
- Create projects that encourage employees to work together collaboratively. For example, opt in colleagues from elsewhere in the business to help you get ready for GDPR compliance.
- Encourage staff to set up social groups that bring people together over shared interests (i.e.lunchtime photography club, walking group)
- Use the internal social portal that comes with most HR software systems to help people connect and collaborate.
Role model the right behaviour
Line manager behaviour will be key to making sure new data protection rules are complied with. HR needs to concentrate its efforts on making sure this influential group take the new regulations seriously and model the right behaviours.
If team members see their managers being dismissive about the rules – or possibly even flouting them – they are likely to follow suit, putting the organisation at serious risk of penalties. Line managers need to be clear about how the new regulations affect the day-to-day work of their team so that they can lead the way on any changes that may be necessary and ensure their people understand the importance of compliance.
Three things to try:
- Launch a ‘see it, sort it’ campaign, to encourage people to take action when they know something isn’t right.
- Provide a GDPR presentation that managers can share with their teams to ensure lack of knowledge can’t be used as an excuse.
- Ensure performance objectives and compensation plans re-enforce the need to lead by example.
Make it easy
People need to be able to put their hands on clear information about what the new regulations mean and what they need to do differently when they come into effect in April.
GDPR-compliant Cloud systems like Cezanne HR not only help companies address key issues – such as how to secure and provide appropriate access to your HR data – but provide a central place where employees can easily access the relevant policies and information about processes and can sign to acknowledge they have read key documents.
The system also gives HR a platform it can use to communicate information and updates and track who has had appropriate training. If information is made readily available, frustration and time-wasting is reduced and employees are much more likely to follow procedure.
Three things to try:
- Make sure information about the GDPR is easily available on your HR system – tell people exactly where it is so they can find it.
- Publicise training sessions via your HR portal or other communication channels with a ‘click to book’ link.
- Design a certificate that can be downloaded or emailed to people once they have completed training.
The Deloitte report, ‘How leaders can build a culture of responsibility in a digital age’, is available here.
Erika Lucas
Writer and Communications Consultant
Erika Lucas is a writer and communications consultant with a special interest in HR, leadership, management and personal development. Her career has spanned journalism and PR, with previous roles in regional press, BBC Radio, PR consultancy, charities and business schools.