If we are experts in Change then we need to live and breathe change, welcoming the challenges it presents. Championing Change as a critical part of improvement and evolution, this means really thinking through and challenging our existing ways of working. Change is what we do and it’s what we know how to excel at. GDPR (General Data Protection Regulation) therefore is just the next item on the Change agenda. High pressured, cross functional, date critical, a compliance dimension and many aspects that can be either just unfamiliar or new. These generate fear and worry but we mustn’t forget the key principles that we know are essential in delivering successfully.
Time and time again we see the same issues during Transformation and Change programmes:
GDPR is on most people’s agendas at the moment and it feels like an approaching storm which we cannot stop coming straight for us. We don’t have enough time to do everything by the date it arrives, so we need to prioritise what is business critical and what we need to schedule into logical phases in the project plan that will enable us to optimize the management of the storm when it hits.
GDPR will however present new challenges that we will have to adapt to. Thought leadership will be key, assessing risk and making priority calls on what and how we react to the new regulations. This will highlight a need for behavioral change, its simply not ok to just carry on because that’s what we have always done. Therefore, the GDPR Change environment will focus the need for us to adapt our approach and create the right culture for success. Collectively we need to agree what’s essential for May 25th (when the regulations come into force) and what can be delivered as part of a continuous improvement plan for the future, we can’t so it all at once.
From a programme delivery and stakeholder engagement perspective, our focus must be on bringing GDPR to life in our organisations but this doesn’t mean we can ignore those proven key success criteria. So, let’s focus on 5 key areas.
1. What is GDPR - Remove the regulatory jargon and talk in terms that your business knows, can understand and can relate to. Give the right level of information and guidance to the right people and use more dynamic, innovative and visual formats to get your messaging across:
(click on the image to watch a video)
Don’t swamp with the detail when not necessary it can be very intimidating. Make the appropriate use of SMEs. Make it mean something for the individuals and teams in the organization
2. Remember the basics of Change Leadership. Plot the course before you begin and then navigate. GDPR does not change that.
3. Create an honest and open, no fear environment to ensure effective risk assessments can be completed. Understand what you have where you are today; totally honesty. You must have a clear and agreed start point to have any chance of reaching your goals.
4. Communicate – the GDPR changes will form part of a journey for your organisation, with some immediate needs for May 25th and beyond. Keep people informed, show them the what and the when and take them on the journey with you.
5. Adapt and change. Whilst we must stick to the core principles of change leadership, this should not stop us adapting and tweaking our process and methodology. If delivering the GDPR changes won’t fit into our current approach, adapt. Not necessarily Agile delivery, but an “Agile mindset”. By adapting our approach in a controlled environment we are championing change to all.
by Rupert Taylor September 2018