With nearly 25 years’ operational experience, I’ve been lucky to lead some significant transformational change programmes. Whilst conventional thinking and previous experience have certainly played their part, my latter foray into industries and technology unknown has often challenged my own approach and paradigms. Are previous…
We launched our GDPR ‘Healthchecks’ services some time ago now.
With so much hype and conflicting advice in the run up to 25th May 2018, we found that businesses have been keen to have an independent ‘sanity check’ on just how their organisation has been doing when considering the new regulatory requirements.
GDPR Healthchecks – what our data tells us
Our ‘healthcheck’ covers a number of key areas including:
- Governance and Control
- Staff training and awareness
- Dealing with Data Subjects rights
- Dealing with data breaches
- Managing 3rd parties
- Implementing Privacy by Design
As the diagram shows, 59% of our health check criteria are being met. Whilst it’s virtually impossible to compare that to a starting point (reporting on previous data protection compliance was pretty limited), our view is that this highlights that some progress has been made and that SMEs are taking some action to meet the new regulatory requirements.
Looking more closely at the areas reviewed, the results from the individual areas are quite broad. There appears to be some pretty good progress on staff training and awareness and governance activity as businesses have looked to improve staff knowledge and update policies and procedures. Interestingly, results also show that more could be done to ensure any training has actually been fully understood, and that businesses have proper control mechanisms in place to check policies and procedures are being followed.
GDPR Healthchecks – mixed progress
A constant theme from our audits is the mixed progress in dealing with 3rd parties, dealing with data subjects and their rights, and understanding and developing a privacy by design culture.
In specific terms we have noted:
- Businesses still have quite a bit to do in terms of recognising who they share data with and ensuring they are meeting the requirements of the regulations.
- Despite training, actual understanding of the regulations and recognising and acting upon rights of Data Subjects is still somewhat of a ‘mixed bag’.
- Having an ongoing programme to develop a culture of privacy in organisations still needs some work.
Progress is being made!
Whilst all of the above should be balanced with the organisation’s attitude to risk, our overriding view is that progress is being made but there is still work to do!
By Sarah Burns, Data2Action (Apr ’19)
We frequently get asked by clients to help with their ‘digital transformation’ programmes, sometimes at the outset as they work out exactly what such a programme could or should include, and sometimes at the point their programme is deemed to have failed.
Many start out with a strong view that to achieve future success they must ‘transform digitally’ but when we dig a little deeper and ask exactly what they mean by this they struggle to give a direct answer. Some confuse digital transformation with digitalisation. Others feel they’ll be left behind if they don’t have digital technology in their business or they feel they need such a programme as ‘everyone else’ has one, haven’t they?
Well yes, that may be the case for both points and admittedly, ‘digital transformation’ does seem to be one of the current buzz words in business with benefits to business being widely reported.
However, as we explain, it’s about much more than new technology solutions. It is a whole business transformation: a complete programme of change geared around the organisation’s strategy and goals, which creates a fundamentally new business model. To add further clarity, we explain the difference between digitalisation, which is more akin to updating existing processes with a digital solution, and digital transformation, which is fundamentally doing something different.
Alarmingly, whilst many seem to be undertaking digital transformation programmes, a recent survey by Forrester shows the majority (over two thirds) state they had failed to realise their business objectives. Only 16% in fact claim to have realised improved performance and, more importantly, sustained improved performance.
So why might this be the case? Well, our experience shows many organisations approach digital transformation en masse and very often from an internal perspective. They implement new digital technology solutions that address an internal challenge, for example, to automate processes and cut costs, or because it’s the latest technology and it’s perceived to have worked for other businesses. That may well be the case; however, all businesses are different, and it’s important to implement change that fits each business and, more importantly, is aligned to outcomes that improve either products or services for customers.
Taking a more external view, such as a customer-led approach, is much more likely to yield greater value. We’ve experienced situations where organisations have developed a new app for their customers or implemented an online chat solution into their service proposition. Both may well be game-changing developments; however, this will only be the case if the solutions have been created from a customer (external) perspective. Just because you have new digital technology solutions available for your customers doesn’t necessarily mean they’ll automatically see any value and hence use the new solution as you expected.
Taking an external view will ensure your customer needs and experience are carefully thought through, before deciding what new technology is right to meet their needs. Taking this approach where customers are at the heart of the solution will result in greater usage, an improved customer experience and in turn improved business results.
So, if it’s about adopting an external view and truly understanding the needs of customers, how do you go about creating a digital transformation programme and what are the core components that will achieve your digital organisational strategy and goals?
From our experience, such a significant change programme must be created, led and supported by the Leadership team, but with input from employees and customers who hold vital insight into what is working now and what needs to change. This data and insight more often than not sits within your business. Do you currently measure your customers’ experience, or do you measure retention rates, for example? If so, then this, amongst many other sources of data and insight, will lead you to understand what and how to transform, be it a change to a product or the service you provide.
Furthermore, creating a clear company communication plan that sets out the vision for the change will engender employee buy-in and trust rather than fear and resentment. Hand in hand with communicating the vision is developing a digitally savvy workforce. This may mean upskilling current employees and/or attracting new skills into the business. And finally, equip your digitally savvy workforce with digitally enabled tools to do their jobs, and empower them to think and work differently from more traditional methods. All of this will create a mindset and cultural change to achieve improved and sustained performance.
To find out more about how we can help with your digital transformation please contact us at firstname.lastname@example.org
It may be the season of goodwill but that hasn’t stopped the ICO making further changes to Privacy legislation that will pour more misery on Company Directors.
As of the 17th December, Directors will be personally liable for nuisance marketing activity and could be forced to pay up to £500,000. Under changes to the Privacy and Electronic Communications Regulations (PECR), the regulator is cracking down on companies that seek to avoid existing fines by winding up the company in the face of regulatory scrutiny or a monetary penalty and setting up a new company under a new name (so-called ‘phoenixing’). This change will hold Directors or Senior Officers more accountable moving forward and is hoped to further discourage poor practice.
With virtually every form of media currently saturated with ‘all things GDPR’, it’s a sad fact that many businesses remain both perplexed by the changes and also unclear as to the value this can bring. With less than 100 days to go, organisations big and small are mobilising to reach the new levels of compliance expected but how many are actually seeing this as an opportunity to unlock the value that GDPR can present?
Central to GDPR are people and their data, with the regulations aiming to give individuals greater powers of control over their information. In order to comply with the new legislative requirements, businesses should by now be critically evaluating both the need for and the requirements of the data they collect and, by reviewing their current ‘people, process and technology’ systems, looking to update and protect the same. However, lost in the ‘white noise’ of confusion is the fact that this process of re-evaluation actually presents a whole host of benefits for businesses.
‘The coming years, however, could see data issues as a further reason to put directors in the dock and a spur for this is likely to be the impending General Data Protection Regulation (GDPR)’
An interesting article from the Telegraph on cyber risk and how insurance can provide support.