GDPR is coming – Don't forget the basics. 5 ways to keep it simple.

If we are experts in change then we need to live and breathe that change, welcoming the challenges it presents. Championing change is a critical part of improvement and evolution, and means really thinking through and challenging our existing ways of working.

Change is what we do and it’s what we know how to excel at. GDPR (the EU General Data Protection Regulation), therefore, is just the next item on the change agenda. High pressured, cross functional, date critical, a compliance dimension and many aspects that can be either just unfamiliar or new. These generate fear and worry but we mustn’t forget the key principles that we know are essential in delivering successfully.

Time and time again we see the same issues during Transformation and Change programmes:

• Sponsorship and leadership is weak, absent or ineffective
• The programme wasn’t defined and mobilised properly
• Governance is confused, delegated and ineffective
• Leadership is disjointed and dysfunctional
• Communication is weak and confidence/momentum are low

GDPR is on most people’s agendas at the moment and it feels like an approaching storm which we cannot stop coming straight for us.  We don’t have enough time to do everything by the date it arrives, so we need to prioritise what is business critical and what we need to schedule into logical phases in the project plan that will enable us to optimize the management of the storm when it hits.

GDPR will however present new challenges that we will have to adapt to. Thought leadership will be key, assessing risk and making priority calls on what and how we react to the new regulations. This will highlight a need for behavioral change, its simply not ok to just carry on because that’s what we have always done. Therefore, the GDPR Change environment will focus the need for us to adapt our approach  and create the right culture for success.  Collectively we need to agree what’s essential for May 25^th (when the regulations come into force) and what can be delivered as part of a continuous improvement plan for the future, we can’t so it all at once.

From a programme delivery and stakeholder engagement perspective, our focus must be on bringing GDPR to life in our organisations but this doesn’t mean we can ignore those proven key success criteria. So, let’s focus on 5 key areas.

1. Remove the regulatory jargon 

Talk in terms that your business knows, can understand and can relate to. Give the right level of information and guidance to the right people and use more dynamic, innovative and visual formats to get your messaging across, such as vBar: 

Don’t swamp with the detail when not necessary, this can be very intimidating. Make the appropriate use of SMEs and make it mean something for the individuals and teams in the organisation.

2. Remember the basics of Change Leadership

Plot the course before you begin and then navigate. GDPR does not change that:

• Effective leadership & governance
• Clarity of vison and scope
• Structure and roles
• A clear and living plan
• Open and pragmatic pre-emptive risk and issue management

3. Create an honest and open, no fear environment 

This will ensure effective risk assessments can be completed. Understand what you have where you are today; totally honestly. You must have a clear and agreed start point to have any chance of reaching your goals.

4. Communicate

The GDPR changes will form part of a journey for your organisation, with some immediate needs for May 25th and beyond. Keep people informed, show them the what and the when and take them on the journey with you.

5. Adapt and change

Whilst we must stick to the core principles of change leadership, this should not stop us adapting and tweaking our process and methodology. If delivering the GDPR changes won’t fit into our current approach, adapt. It's not necessarily Agile delivery, but take an "Agile mindset." By adapting our approach in a controlled environment we are championing change to all.