The date is 25 May 2018. Everyone's talking about the GDPR. Colleagues across the business are engaged, even excited, about data protection. Regular questions about how the GDPR affects their day-to-day jobs are pouring in.
Fast forward to today's date. You may well be finding that 'GDPR fatigue' is starting to set in and engagement across your business is dropping off. You certainly wouldn't be alone; a number of our clients have reported a similar decline in employee engagement now that the mad rush has died down.
With the GDPR's focus on accountability, it's crucial that employees keep privacy compliance at the forefront of their minds, even as we approach the GDPR's first birthday.
Here are our top tips for maintaining high levels of employee engagement:
One year since the GDPR means it's time to refresh your data protection training. While you're there, take a look at how relevant your training materials are to your employees. There are some excellent off-the-shelf training products but employees are more likely to engage and remember key takeaways if the training is tailored to the particular challenges they are likely to come across on a day-to-day basis.
Training shouldn't be a five-minute flick through e-learning slides. To make sure that employees have taken on board all the relevant points, incorporate tests into training (or have separate testing processes). Make sure you are monitoring completion and think about having a required pass rate.
If you didn't appoint data champions across your teams in the run-up to GDPR implementation, now is the time to do it. Even if you already have data champions, consider setting up regular meetings to report on compliance across their teams and discuss current data protection issues. This will help with knowledge sharing and keep levels of expertise at an appropriate level.
Go back to the policies you carefully crafted this time last year and think about whether these need amending. Can you include more relevant, practical examples based on your experiences since May 2018? Have procedures evolved in practice? A policy refresh is a great excuse to email all employees with a data protection reminder.
Consider paying a spontaneous visit to various teams to check on day-to-day compliance. Warn them first that it's coming to prompt a look back through the policy framework and training materials.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at March 2019. Specific advice should be sought for specific cases. For more information see our terms & conditions.