Is it a separate function? Often times GDPR and IT, or even Cyber, are literally and figuratively on opposite sides of the building. And chances are its not connected to Marketing either. The 'GDPR lady' is always busy, nobody's sure what she does, nor do they care - as long as she leaves you alone!
Annoying pop ups. Misinformation. Burden of compliance.
Hark back to May 2018 and GDPR meant repermissioning emails which were soon replaced with cookie permissions. It felt like an unfair burden on small businesses who were required to do the same legwork as the big tech companies but without the resources and the experience to tackle it. And those fines.... talk about rule by fear!
At the heart of data protection is ethics, sound business practice and accountability. If it doesn't feel right, chances are it isn't. Reducing the volume of data you store, the less at risk you are and the more targeted and efficient your marketing can be. How many people have an email box of sent items they mean to clear out? GDPR meant mailing lists got a lot smaller - has there been a fallout? Probably not.
If you're a small business chances are data protection and getting GDPR ready was added to an existing role. This poor person became the bane of everyone's lives and the rest of the company was glad they only had to contend with an hour's training. But data protection filters through to each and every role. Just a few examples include:
Plus the obvious ones like HR looking after employees and recruitment, Sales putting customers in your CRM, or Security and CCTV cameras. So pretty much each and every single person in the organisation. If you can win your staff over on GDPR giving them a solid understanding of the fundamentals of data protection, they will automatically think privacy when designing new process, interacting with customers or representing the company. Then this way you organically reach that nirvana of data protection that has been baked into the organisation.
Your route to this is through regular sessions that incorporate training that's in the moment and personalised. Ensure it includes every member of staff and focus on the business benefits of GDPR and not the burden.
Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.