Following up on last week's post on GDPR, I thought it would be good to expand a bit on each point. This week, it's Awareness.
There are steps that are legal, other that are technical, but this one is neither. It's about people.
In a couple of previous work experiences, I realised a lot of senior managers expect GDPR to be an "IT issue", or a "Legal issue", but the truth of it is that the whole organisation needs to be involved, or any efforts towards compliance will be useless.
When the issue of compliance is put in a silo, then it becomes an uphill battle that you will never win.
You can make a huge effort to implement the best systems to cater for GDPR, but if your commercial department staff each decide to hold their own spreadsheet with contacts in their local drive in their laptops, you will still have a huge problem in your hands.
The time to discuss this is now. The first step is awareness, and everybody in the organisation should be aware of their role to play in compliance.
You can do this with posters, email communications, notes on people's desks, or whatever you like, it's time to get creative! but get cracking soon, everybody needs to be on board.
GDPR is coming into force on 25th May 2018.
< GDPR Shouldn't be so scary 2. Information you hold >