There have been 325,000 mentions of GDPR on social media in the space of just four months – and that’s in the UK alone. In the two months of January and February 2018, GDPR cropped up 184,000 times in the social chatter.
So, if you and your team are worried about GDPR and its imminent arrival on 25 May, you’re not alone.
Indeed, a recent white paper compiled by Forbes and US tech firm ASG Technologies reported that almost half of organisations globally – 47% – expressed serious doubts that they would be ready. Interestingly, the white paper said that companies were getting panicky because they recognised how terrible it would be for their reputation if an incident of non-compliance occurred.
But there’s no need to panic. You can get your GDPR training plan up and running in no time, even from a standing start. We know this because in the past few weeks, we’ve helped many businesses get up to speed on training their workforce for GDPR compliance.
The 3 reasons not to panic
1. There isn’t an apocalypse
GDPR Day is nothing like the millennium bug also know as the Y2K problem, when we all feared a massive systems meltdown on the stroke of midnight if our tech wasn’t ‘Year 2000 compliant’. The UK’s Information Commissioner, Elizabeth Denham has said: “I want to reassure those that have GDPR preparations in train that there’s no need for a Y2K level of fear.”
The message is that for those who are preparing, there is no cliff edge on 25 May; no apocalypse scenario. But there is a need for L&D to make a start now on implementing a training plan. Do that, and you’re already on your way to compliance.
2. Build on existing foundations
You probably already have some compliance training in place and it might even include data protection as one of the topics. Think about how you can augment this training quickly so that it reflects the new requirements of GDPR. One organisation-wide solution which has immediate impact is Sponge’s specially-developed game, GDPR – Sorted!
The game gives all staff a grounding in the basics of GDPR so that they’re aware of the risks to look out for and have the knowledge to prevent potential breaches. In the game, employees must work their way through a series of experiential scenarios where they are required to make decisions. They get to understand that GDPR isn’t just four letters they don’t need to know about, but a topic with real consequences in the event of a compliance failure.
“I want to reassure those that have GDPR preparations in train that there’s no need for a Y2K level of fear.” Elizabeth Denham UK Information Commissioner
3. GDPR is an ongoing journey
Think of 25 May as staging post. If your organisation isn’t GDPR-ready by implementation day, then – for the reasons outlined earlier – it’s important to show you’ve at least made a start in training staff. So, it really isn’t too late to begin putting plans in place.
Prepare for the long haul by drawing up a sound, sustainable GDPR training plan that will make data protection a way of life for your organisation. Our earlier blog has some great ideas on how you can forge a strong GDPR training campaign.
Having a continuous training plan will enable you to make the inevitable changes along the way and embed good data protection habits across the business. As Commissioner Denham explains: “GDPR is an evolutionary process for organisations – 25 May is the date the legislation takes effect, but no business stands still. You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May 2018.”
Now is not the time to panic; now is the time to activate your rapid GDPR rescue plan!