As the dust settles, GDPR should be a springboard for progress. Here Richard Acreman, Partner at WM Reply, discusses the challenges involved in complying with GDPR and how right now these challenges are presented as an opportunity to grow and succeed.
For some companies, the words “post-GDPR” have come to be read as “post-apocalypse”. Threats of fines proportional to global revenues and the decimation of marketing databases have dominated the headlines. But whether you view it as a disaster or a necessary update to privacy regulation, this month will have brought with it a lot of change to companies’ internal IT, change that will as inevitable as it was sweeping.
With that in mind, it would seem like a good opportunity to say “in for a penny, in for a pound” and push through some of the more proactive change that’s been overdue for a long time. There’s a formidable internal comms opportunity here to break bad habits, introduce much needed operational improvements and develop the building blocks of strong digital culture. How? By going beyond GDPR and taking the shake-up as an opportunity to smuggle through other, better changes that will have a long-term benefit for employees and catalyse digital transformation. Using this reasoning, companies can turn their infrastructure into something game-changing, rather than just compliant.
By doing so, the hassle that is regulatory compliance can be overshadowed by something much more progressive. But even progress itself isn’t uniformly viewed as a good thing; to be truly positive, the change needs to bring clear advantages to employees. Positive change can strengthen the delivery of – and engagement with – more mundane but necessary change, too. It’s widely accepted that changing behaviour is easiest when people are away from their familiar surroundings, so put all that together and you see IT process improvements and data protection can and should go hand in hand.
But when push comes to shove, what is to be gained by going beyond compliance? Moving from a legacy internal infrastructure to a purpose built modern one can be like going from an old mobile to a smartphone. It changes the very nature of business operations, rather than just facilitating those that already exist. The narrative of GDPR doesn’t have to be one of painful compliance, it can be a story of positive employee-backed change, with legal future-proofing baked in.
Updating your “infrastructure” sounds intimidating, but in reality, it’s as big a job as you make it. For the sake of simplicity (not to mention best practice) here are two examples of what that can look like. They are both rooted in the Microsoft 365 product suite, and that’s for two reasons: firstly, it contains some of the best examples of modern digital communications tools; secondly, most companies already have some kind of Office 365 license in place through the presence of Word, Excel and Outlook, among others.
As technology, and in particular light touch forms of artificial intelligence (AI) start to make real inroads into the workplace, one place they can add a lot of value is as a way to augment and enhance employee performance. As workers become more familiar with the tools that are out there and the everyday efficiencies those advances bring, employees quickly begin to get a flavour for how much more effective their work hours can be. This is something that can start small but at the other end of the spectrum be revolutionary, as in the below example.
Yammer, Microsoft’s enterprise social network tool that allows employees to communicate, make connections and solve problems collaboratively across a diverse organisation could be even more of a boon to those who use it when it’s backed-up by an AI chat-bot. “Say, if I send this file by email am I in breach of GDPR?” one might ask, generating an instant response from the gigabytes of information already digested and processed by the bot. Or maybe, “am I allowed to record this data, and if so where?” Outside of GDPR, the bot could help with everyday things too, from “who in HR should I speak to about our bonus structure?” though to “where might I find that report on driverless cars we published in 2014?”
Flow is the new fast
One of the biggest – and most legitimate – concerns around GDPR is human error. Humans not having been trained properly, humans being lazy, humans making mistakes because they’re in a rush. All likely, and all more or less guaranteed to cause data breaches in the near future. In fact the Information Commissioners Office report that the vast majority of all data breaches are indeed down to human error.
One of the solutions is Microsoft’s Flow. When you know that employees are dealing with sensitive, personal information on a regular basis, it’s safer, not to mention more efficient, for that data to be handled, and safely stored automatically. Why not set up a process for that data to be moved, processed and protected from anywhere in the business when someone tags it with #GDPR? Simple, efficient, and almost fool-proof. And why stop there? Build processes for marketing queries, sales follow-ups and, well, almost anything.
Those are just two examples, one very tangible, the other more pie in the sky, to hint at the the range and variety of what real software change can bring.
It’s not always easy pushing change through an organisation, even a small one. Because of that, when change is inevitable, it’s imperative to seize the opportunity. However, that’s not to say it all needs to be done at once. If the right things are improved, at the right pace, and employees have a chance to see the benefits, then the foundations can be laid for further changes down the line. Once the journey has begun, and change starts to be seen more and more in a positive light, then the door can be left open, and the full gamut of employee and business centric efficiencies can start to find their way in. So if GDPR remains the storm cloud hovering over 2018, give it a silver lining.