GDPR: Whose responsibility?

4 Dec

How many times have I heard the words “GDPR is the next Y2K”? I’ve lost count, but let me assure you it’s a lot! Which is why, when you look at GDPR and whose responsibility it is, most organisations start by placing responsibility with IT. However, there is a fundamental difference between Y2K and GDPR.

Y2K was purely an IT issue – GDPR is anything but! You can’t simply ‘program’ a number of fixes and then put culpability on the IT team when it all goes wrong. Nor can you point the finger at the General Counsel, sit back and watch the panic unfold. GDPR is not purely an IT issue, just as it’s not simply a Compliance, Legal or HR problem to solve. It impacts the whole business, in each and every functional area, and accountability needs to filter through the whole organisation.

Information Technology has a big part to play for sure, ensuring adequate security measures have been implemented in software, infrastructure, governance and security breach procedures. Legal need to ensure solid, comprehensive policies are in place and are well communicated and understood for the rest of the business to adhere to. But from there on every business function has a duty and a part to play in ensuring privacy sits at the heart of all processes and communications that interact with personnel.

Having recently launched a major compliance programme for a multi-billion-dollar global security organisation, attended countless GDPR events and read extensively on the matter, it’s fair to say, it seems, the biggest challenge to date is how to change culture and put privacy at the very heart of the organisation. When most businesses are driving their teams lean, hard and at maximum capacity, it’s hard to know how to give leaders and their teams the head space to consider how to effect a change in mind-set without sending the whole company into meltdown.

The mind-set change challenge

At a workshop with 20 astute, experienced and dedicated team leaders we looked at the key ingredients needed to effect a change in mind-set. We split the room into two, brainstormed and dug deep into the group’s experience as to what had worked well in the past when trying to propagate a culture change, and what had not. The outcomes shared by the two groups were unsurprisingly aligned:

  • Send consistent and regular communication
  • Keep messages short and simple and keep them relevant
  • Test message comprehension on a sample of employees before sending out en-masse
  • Measure how well messages are received, understood and retained
  • Identify your communication ambassadors
  • Make it personal and let people know what’s in it for them


These were just a few of the consistent feedback messages echoing from the workshop but I would add the following additional suggestions:

  • Stay upbeat
  • Be innovative
  • Show the leadership team is on-board


Easy right? Yes, if you have unlimited time, budget and can put all other strategic plans on hold until you get there. But getting back to the real world, these are luxuries no organisation can afford.

So how do you ensure a consistent drip – drip – drip feed of simple and relevant messages is filtered throughout every corner of the business without blowing your whole comms budget on one initiative, albeit a very necessary and important compliance requirement? And how, at the same time, do you keep all those other non-GDPR plates spinning so they don’t come crashing all over the marble boardroom floor?

Engage to crack the culture challenge

Here’s how: you use technology for what it was intended for, to support the business through day-to-day operations and change. Most importantly when it comes to communication, by measuring who is receiving the messages, their understanding and how well they retain key points. And here’s a thought: how about giving employees the opportunity to feed back to the leadership team on the planned changes underway and capturing their views as to whether these will result in streamlined operations or instead bring chaos to those operating at the coalface?

Engage, a web and mobile app designed to measure and drive employee engagement, is ideally placed to help meet these key challenges. Here’s how:

  • Communicating regulation updates
  • Advising teams of process and procedure change
  • Instant messaging on email and mobile push notifications
  • Sending intranet and external internet links to advise and inform
  • Measuring how well messages have been understood using fun and innovative techniques
  • Keeping messages relevant – filtering messages by audience, team, location, etc.
  • Identifying communication ambassadors and rewarding engaged employees
  • Giving employees a voice and therefore an opportunity to not only buy into change but advise on what will work best


Crack the conundrum of the mind-set challenge; let each and every one know how GDPR impacts them as an individual and get the whole organisation in sync, thinking privacy by design and default. Once you’ve achieved this you can start to see the opportunities that GDPR brings rather than the pain and inconvenience it inflicts. The opportunities being heightened privacy and security for all personal information, mature policies and streamlined processes and procedures.

Engage is available now on web, Android and iPhone, quick and easy to set up and intuitive to use. The strength of Engage is in its simplicity. If you’d like to find out more contact TheEngagementWorks today by emailing or calling +44 (0) 33 3014 3238.