GDPR: building a culture of responsibility

With the GDPR fast approaching, companies are busy putting the right policies, processes and HR software in place to help manage their data and ensure compliance with the new regulations. But as any HR professional will tell you, having ‘rules’ in place doesn’t necessarily mean people will follow them, even if the consequences have been clearly explained.

gdpr

In a recent, fascinating report, Deloitte examines what drives people to take responsibility for doing the right thing, whether that’s in relation to complying with legislation or just going about their job in an ethical, appropriate manner.

Strong relationships, clarity about roles and a sense of being valued by the business came out as key factors influencing employee behaviour. But as the report points out, the digital world we now live in, is making it harder than ever for companies to engender a sense of personal responsibility among their employees.

The rise of remote working and virtual teams, coupled with the effects of globalisation and fast-moving markets, have led to a break-down in the strong working relationships that once characterised the workplace and helped employees understand ‘how we do things around here’. People are often confused about who they report to, where the boundaries of their constantly shifting job role are and how their work fits into the bigger picture. Information overload is also an issue. With a constant stream of communication, it can be difficult for people to identify what’s important and what applies to them personally.

So, in a changing and confusing world of work (and in an environment where non-compliance with regulations comes with strict penalties), what can HR professionals do to create an environment where people take responsibility for their actions?

Set the tone from the top

The Deloitte report, ‘How leaders can build a culture of responsibility in a digital age’, emphasises the importance of reciprocity in the employer-employee relationship. Research has shown, for example, that employees who feel connected to the business and treated well, are more likely to feel that rules apply to them and will act responsibly. Conversely, those who feel their leaders don’t have the best interests of the whole company at heart, are likely to lack motivation and may even engage in harmful, deviant behaviour. If organisations want their employees to show commitment and do the right thing, the message that people are valued needs to come from the very top.

Three things to try:

  • Town hall meetings – get leaders in front of people on a regular basis so they can reinforce key messages. Make sure those who can’t attend personally can dial in.
  • Leadership lunches – organise a series of informal, small-scale lunches where employees can meet leaders face-to-face
  • Communication campaigns – use your HR portal, e-newsletters or regular email updates to acknowledge challenges, share knowledge and showcase best practice.

Make responsibilities clear

In fast-moving markets, employees often find their roles altering almost overnight. New teams are formed, reporting lines shift and yesterday’s priorities are today’s old news. It’s hardly surprising that employees often lack clarity about what their goals are, who they need to please and where the buck stops. Anyone who is responsible for capturing, processing or sharing data needs to have appropriate training and be absolutely clear about how the new rules will affect their role and where their personal responsibilities lie.

Three things to try:

  • Make responsibilities explicit, and ensure that GDPR compliance is a standing item on team meeting agendas and performance reviews
  • Encourage managers to have regular informal check-ins with their people so that they can review goals on a regular basis
  • Offer for HR to visit team meetings to brief people on how you are managing their data in the context of the GDPR and why it’s important for the business.

Build strong relationships

Collaborative relationships play a vital role in creating environments where people feel a strong sense of personal responsibility. If employees see the colleagues they respect and trust observing the rules, they are more likely to follow suit. Deloitte’s research has shown, however, that in digital environments, the “societal guardrails” that encourage people to follow the often unspoken rules about the way things get done, are often broken down. We are more connected by technology than ever before – but less connected and invested in each other in person. Managers need to help their people build a strong network of relationships both within and across teams, and to create a sense of ‘we’re all in this together’. If people feel connected, they are more likely to invest their energy in a positive direction for the good of their peers and the business as a whole.

Three things to try:

  • Create projects that encourage employees to work together collaboratively. For example, opt in colleagues from elsewhere in the business to help you get ready for GDPR compliance.
  • Encourage staff to set up social groups that bring people together over shared interests (i.e.lunchtime photography club, walking group)
  • Use the internal social portal that comes with most HR software systems to help people connect and collaborate

Role model the right behaviour

Line manager behaviour will be key to making sure new data protection rules are complied with. HR needs to concentrate its efforts on making sure this influential group take the new regulations seriously and model the right behaviours. If team members see their managers being dismissive about the rules – or possibly even flouting them – they are likely to follow suit, putting the organisation at serious risk of penalties. Line managers need to be clear about how the new regulations affect the day-to-day work of their team so that they can lead the way on any changes that may be necessary and ensure their people understand the importance of compliance.

Three things to try:

  • Launch a ‘see it, sort it’ campaign, to encourage people to take action when they know something isn’t right.
  • Provide a GDPR presentation that managers can share with their teams to ensure lack of knowledge can’t be used as an excuse.
  • Ensure performance objectives and compensation plans re-enforce the need to lead by example.

Make it easy

People need to be able to put their hands on clear information about what the new regulations mean and what they need to do differently when they come into effect in April. GDPR-compliant Cloud systems like Cezanne HR not only help companies address key issues – such as how to secure and provide appropriate access to your HR data – but provide a central place where employees can easily access the relevant policies and information about processes and can sign to acknowledge they have read key documents. The system also gives HR a platform it can use to communicate information and updates and track who has had appropriate training. If information is made readily available, frustration and time-wasting is reduced and employees are much more likely to follow procedure.

Three things to try:

  • Make sure information about the GDPR is easily available on your HR system – tell people exactly where it is so they can find it.
  • Publicise training sessions via your HR portal or other communication channels with a ‘click to book’ link.
  • Design a certificate that can be downloaded or emailed to people once they have completed training.

 

The Deloitte report, ‘How leaders can build a culture of responsibility in a digital age’, is available here:

https://dupress.deloitte.com/dup-us-en/focus/industry-4-0/building-a-culture-of-responsibility.html?id=us:2em:3na:dup4100:awa:cons:110917&sfid=0033000001CygpSAAR rel=”nofollow

You may also be interested in...

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe

Sign up to our newsletter to receive more posts like this via e-mail.