© IT Governance Ltd 2018
Presenter: Stefanie Retfalvi, Learning Design & Solutions Consultant, IT Governance
GDPR Compliance: Getting Everyone On Board
Agenda
Q&A
Cyber Security Awareness Programme
GDPR Compliance: Getting Everyone On Board
About IT Governance & Introduction
About IT Governance
Introduction
• Stefanie Ildiko RETFALVI
• Learning Design & Solutions Consultant
• International cross-sector experience
Staff Awareness & The GDPR
Article 36
1. (b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
Why it matters
ICO publication: Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now
Stakeholders, Focus Groups & Planning
Compliance affects Everyone
• C-Suite, senior management buy-in (leading by example)
• DPOs, CISOs, CIOs
• Business process owners
• HR, change management, internal comms
• Focus groups
• Surveys
Managing Change
Dealing with resistance
Aversion to change is natural
Resistance to Content versus Resistance to Process
Consider this question within your organisational context
Managing the Transition
• Understand your audience(s)
• Align your strategy and your culture
• Read and rewrite the context
• Make use of proven engagement techniques
• Be opportunistic
Bringing about a Change in Mindset
To attain the highest levels of employee engagement, it is important to generate personal investment and motivation for adopting the GDPR.
Common Challenges
The GDPR as a focal subject
• Viewed as dry
• Perceived as overwhelming
• Misconceptions (regarding implications)
Training Audit Trail True Engagement & Behaviour Change
Proven Techniques & Solutions
Identifying Problems
Identifying common drivers for resistance or gaps in understanding is the first step to gaining organisation-wide buy-in.
Implementing a GDPR Awareness Programme
It is important to offer a modern mix of different GDPR-focused learning and communications tools to address individuals’ diverse needs and preferences.
Gaining Buy-In
Don’t treat GDPR awareness training like a bitter medicine that everyone needs to swallow.
Example
Delivering Knowledge
Understanding the GDPR will help to mitigate aversion to change and reduce the human factor as a risk.
Example
Encouraging Knowledge Transfer to the Workplace
It is not enough to know what best practice involves. Employees need to apply their obtained knowledge in their everyday activities.
Sample Solution
These should:
• Be meaningful, encouraging deep reflection and the transfer of acquired knowledge to the workplace;
• Make learners active participants by challenging them to recall key information in relevant contexts; and
• Prompt participants to identify risks and apply best practice in situations that could arise in real life on the job.
Example
Evaluation
Continual monitoring of progress will ensure that everyone has achieved the required level of knowledge and understanding.
Example
Continual Reinforcement
Once the programme is finished, it is important to ensure that the GDPR remains at the forefront of individuals’ minds.
Useful References
“GDPR in the workplace”
“Employee communication”
“Change management”
https://www.cipd.co.uk/
http://www.wfpma.com/
https://ico.org.uk/about-the-ico/what-we-do/taking-action-data-protection/
https://www.itgovernance.co.uk/blog
Conclusion & Your turn! Q&A
Conclusion
Stay in touch!
Call us: +44 (0)333 800 7000
Email: [email protected]
Visit our website: www.itgovernance.co.uk
Like us on Facebook: /ITGovernanceLtd
Follow us on Twitter: /itgovernance
Join us on LinkedIn: /company/it-governance
Read our blog: www.itgovernance.co.uk/blog
Queries?
Understanding?
Clarification?
Your Turn!