Top 3 data protection program issues and how to start resolving them: #26

Data protection is a complex and broad topic.

Although some may perceive it as primarily a legal issue, to succeed, you need to understand the broadness and accept that you’ll never personally cover every nuance.

No matter whether you consider yourself to be an expert in data protection law, data protection by design, privacy engineering, records management or value sensitivity (to name a few examples) you should see yourself as part of a larger team.

That’s because data protection is a team sport, or to use another analogy, as a leader, you are like a conductor of an orchestra.

You depend on the knowledge and expertise of others.

#1 Knowledge and skills gaps

You need to appreciate what you bring to the table, and what you don’t.

If you are an expert in data protection law but lack change management know-how, don’t attempt to do change management.

Bring in a change management resource.

The same goes for all other needed competences.

Here lies the challenge - understanding the broadness and knowing when to orchestrate the various colleagues.

#2 Lack of embedment

It’s always interesting to read cases investigated by SAs or incidents in the news, especially to understand the learning points.

I’m amazed at how there are often symptoms of lack of embedment of policies.

Symptoms that show policies have not been brought to life in the different organisational contexts, e.g. HR v IT v UI/UX v Product Dev.

Employees have been expected to figure all this out for themselves after watching some generic GDPR eLearning.

Regular interaction through a cadence of employee engagement - in their context - is absolutely critical.

And this brings me to the third issue.

#3 Employees are *not* the weakest link

You shouldn’t blame employees if you’ve not invested in making data protection contextual.

Or, if you’ve not made data protection easy for them to understand.

Or easy to live up to your policy statements.

Meet employees where they are, their context, rather than expecting them to embrace your often perceived abstract world of data protection.

‍

At Purpose and Means, we do things differently.

The data protection experience for employees and management is what we focus on.

We build passion and interest in data protection through highly visual, creative approaches.

Data protection is complex, and to bring it alive, make it actionable from top to bottom requires an approach your average copy/paste consultancy doesn’t provide.

Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.

We’re based in Denmark, but operate globally.

If this issue resonates, book a call to discuss your requirements!