Employee engagement
Top 3 data protection program issues and how to start resolving them: #28
Engaging with your employees gives you the opportunity to elevate awareness of data protection, embed responsibilities, and provide them with the skills they need, typically through education and training.
Yet in many companies it’s a tick-box exercise with minimal investment.
Data protection leaders often prioritise funds in technology and documentation exercises.
How you engage with employees is critical and you may also be familiar with the following top 3 issues we encounter.
#1 No cadence, no dancing to your data protection tunes
No matter your taste in music, if you hear a rhythm you may notice your feet tapping and occasionally we need a beat to get something done.
In employee engagement terms, employees need a cadence of varied activities throughout the year to re-enforce your key messages.
In the following film (an old one from 1991) equate ‘brand’ to be your data protection programme of work:
In your employee-facing data protection work, you need to get your ball bouncing and keep it bouncing!
In many companies, engagement activities comprise solitary experiences - the end of year elearning push, or a data protection day event and very little else.
It’s not a question of being an irritation - too much of the same thing may need to annoyance among employees so using your imagination with a varied set of activities is critical.
It's also an opportunity to demonstrate accountability through the evidence you'll generate:
- Analysis of audiences
- Audience needs (awareness, education and training)
- Execution of activities
- Participation/attendance metrics
- Engagement metrics
- Scores supporting the notion of employee understanding (test, exam, quiz answers, etc)
You may even consider establishing a ROEA - no, that's not a spelling error. I don't mean ROPA!
ROEA are Records of Engagement Activities - this is your combined Employee Engagement Plan and the aftermath - updated with the results of the activities.
#2 Same old, same old
You may think you know what employees need so you impose materials on them.
You may produce the materials yourself or use an external consultancy to provide them.
It could be ways of working/procedures, or educational material.
Employees need to see what's in it for them, in their context.
Imposition may lead to resistance, so employee involvement is essential.
Simply asking employees about current practices, or past material may reveal some valuable input, especially when you want to elevate engagement.
As Einstein supposedly said, "Insanity is doing the same thing over and over and expecting different results."
Incidentally, many doubt Einstein actually said that!
Recognising the varying needs of employees by conducting training needs analysis will ultimately result in reducing risk and greater levels of sustainability.
Involving employees in understanding and mapping their ways of working involving data protection may take longer than imposing some generic material on them.
By providing some basic data protection education, you can then work with them to develop their own materials.
You need employees to take responsibility take ownership.
That will also reduce the burden and dependency on you as the data protection leader.
#3 Competing for employee attention
Nowadays, employees are subject to endless messaging through multiple channels:
- Work email
- Work sms
- Intranet
- Endless meetings
- Presentations
- Town halls
- Informal chats over lunch, etc
And then there's all the messages outside of work that may creep into the workplace.
It's no wonder employees struggle to remember everything, or even have time to absorb all the messages.
In the workplace, you compete for the attention of employees.
You can compete with your peers - could be from HR, Finance, Internal Comms, the CEO, etc. etc.
Your messages may equate to the zeros on the left in the following overview - they are indistinguishable from all the others.
You need to get your messages to stand out.
They need to be the 'X' on the right in the diagram.
How do you do that?
You need to use some imagination and a dose of creativity and use this model:
- IMPACT - get attention. Your message needs to be unmissable, unavoidable, be different from the rest
- COMMUNICATE - your message needs to be clear and understandable
- PERSUADE - outline clearing what employees should do (WIIFM)
Most people focus on step 2.
They put a vast amount of effort crafting the message but in many cases if employees don't see it because it's mixed in with all other messages, or it just looks the same as the others, it can be the biggest waste of time!
Think about step 1, put effort into that too.
Re-frame your messaging around data protection.
Here's an example: which "GDPR brochure" is most likely to get employee attention if you left a pile of them in the company reception, or in the kitchen spaces in your workplace?
At Purpose and Means, we do things differently.
The data protection experience for employees and management is what we focus on.
We build passion and interest in data protection through highly visual, creative approaches.
Data protection is complex, and to bring it alive, make it actionable from top to bottom requires an approach your average copy/paste consultancy doesn’t provide.
Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.
We’re based in Denmark, but operate globally.
If this issue resonates, book a call to discuss your requirements!
