10 April 2019

GDPR – Making It Real and Interesting!

By Carol Tullo, OBE

ClaudiaWeaver_NaomiKornConferenceIWM39

Image ©Claudia Weaver

We are often asked “What can I do to remind everyone about data protection? They have all been trained but I need to refresh their understanding regularly. Help!” Here are some ideas.

The ICO’s Six Step Test for Brexit preparations and its guidance is largely about reinforcing that the basic steps are in place in your organisation, team or office. Organisational Awareness is Step 6. With the focus on Brexit and what it means for GDPR, we have been drawing together initiatives and ideas that we have seen work over the last year or so, to raise awareness and reinforce and reassure. Some you will have all this in hand but we offer this roundup for you to consider!

Catchphrases, acrostics, crosswords, and other word games: Getting Data Protection Ready was an obvious eye catching phrase but getting it Right still works. Some have used hidden words in text to emphasise key terms like controller, breach, SAR.
Quizzes and cake sales: the obvious works. I suspect GDPR a Year On will lose out to the potential exit day for Brexit but look for a meaningful hook or anniversary.
Using numbers: the GDPR countdown clock was a popular device leading up to March 2018 but think about 72 hours, 20 days or the fine levels catching attention. Use any trigger that has meaning for your team perhaps a major launch, event or exhibition.
Posters, postcards, and images: there are some great cartoons available for open re-use that may drive home your points to an audience that hears the word Regulation before the simpler messages about safeguarding their own personal information. I have seen a jigsaw based around an image of all the things you should not do in an office – leaving screens open, phone unattended and files open.
Social media – I doubt if anyone working in this field missed the December Twitter threads and FB memes around Father Christmas, GDPR and his lists! Pictures really do tell a story and our brains engage better with images than strings of facts. Build scenarios that have meaning for your office or team.
One client had a weekly Fun Facts email: they followed it up with Bonus Facts and small prizes. “Do you know that capturing your vehicle registration number on entering a carpark is collecting your personal data?” “ Do you know to avoid using an obviously shared email address, e.g. TheJonesFamily@gmail.co.uk or AandBSmith@email.com as that could be an inadvertent data breach?” Quotes from relevant newspaper or magazine articles that have relevance for your organisation can also be flagged perhaps in a weekly Data News Round or a Data Sharing Wednesday feature.
Another office celebrated GDPR Day with a balloon archway over the entrance to the building – that certainly caught everyone’s notice including the CEO which was probably the main aim!
Myth Sheets: in reverse a list of things that people think are not GDPR compliant but are allowed, e.g. keeping names and contact details for domestic or family use; collecting with parental consent class lists for birthday parties.
Top tips and Checklists: by now if you are in the personal data world, there will have been examples of what has gone well or not well internally. Tell the story…in a 100 words perhaps, and use as a case study to explore how it could have been avoided and what was learnt?

And remember the obvious – if you ask colleagues for ideas and suggestions of what they would like to help them build on previous sessions or training, then you may find they highlight a plan for you.

We are running a practical course to help you understand your data protection, GDPR and privacy obligations in London on 30 May, more details here or by contacting Patrick at patrick@naomikorn.com