I’m guessing that you, like me have had your share of emails and snail-mail correspondence regarding the importance organisations place on how they handle our data. This importance is driven by Legislation aka Governance. On May 25 2018 GDPR (General Data Protection Regulation) comes into force.
This is understandable given our data should be carefully managed as a principle. However often, this is not the case.
In the time-honoured tradition of Lessons Learned, the first action is to find out who to blame and apportion said blame.
Who is to “blame” for this additional legislation protecting our data? Surely this is “just good practice” and organisations that we share information with have been applying said “good practice”. Well, here’s the thing: maybe not so much!
A couple of current examples as the list is extensive: TSB and their tribulations on what should have been an ITIL-led, established good practice data transfer, NHS with too many for cataloguing here, the UK Home Office and Windrush, Facebook & Cambridge Analytica and so the list goes on.
I’d suggest this is an ideal situation for effective organisational change management. Those who’ve been kind enough to read my previous blogs will recognise “Habit or Choice” linked with organisational and personal “wilful blindness”.
We’ve travelled a relatively long way from 1993 and the “start” of the Internet and the associated notion that it was open, free and almost unregulated. We have travelled through time being, I’d suggest organisationally and personally, wilfully blind in how we interact/use the internet and our sharing/managing of data. An example: how many of us scroll to the tick box so that we can access the offering? Why do you think the terms & conditions are so unreadable? Who do the terms and conditions protect?
As has now entered common language “if it’s free, you’re the product”.
Back to my heading: opportunity or process? This is where organisations and individuals who comprise the organisations and/or use their services require to be alert to the challenges of “Habit or Choice”.
Organisations have an opportunity to review their approach to Governance, spirit and letter. How many will take the opportunity?
Individuals have an opportunity to challenge their personal approach to “Habit or Choice” by being more discerning and careful about how they share.
I had a recent, lengthy correspondence with a large UK Bank over their handling of my data and the impact on me, both personally and professionally. This was an interesting experience in the usual definition of “interesting” i.e. not interesting but very, very frustrating. Cutting to the chase, the Bank admitted responsibility, gave me some money and we moved on.
Here’s my point. As a customer I had complied with every requirement of the Bank to protect my data. The Bank made several errors in how they managed a data transfer and integration exercise…if this sounds familiar I’m not describing the recent TSB situation. It was another UK banking group.
My point is even by complying with notional legislative/governance standards, there is n no guarantee of safety.
Personal responsibility is key when dealing with organisations in the “digital world” where everything is connected to everything else and all through a Call Centre!
For most organisations, GDPR is an additional process encumbrance. How many have taken the opportunity to regard GDPR as a driver for change by reviewing their approach to Governance and appropriateness for today and the future?
I wondered how Mark Zuckerberg felt during his appearance before the US Congress. One Senator hit the GDPR nail on the head when he asked Mark Zuckerberg would he mind telling at which hotel he was staying. Zuckerberg smiled and politely refused.
Maybe individuals should do more “polite refusing”.
You never know it may make a positive change.