In an increasingly regulated environment and with more focus than ever now on personal data privacy – can you be sure that your processing procedures are up to scratch? A recent report highlights how re-assessing your company’s procedures with regards to collecting and managing personal private data is more important now than ever.
Why it’s important to check now
According to the June 2020 report from the Irish Data Protection Commission (DPC), which can be found here,
“by far the most frequent cause of breaches reported to the DPC is unauthorised disclosure (80%); whether by digital, verbal or other manual means. Manual processing – and consequently an inferred lack of robust processing procedures – is at the root of far more reported breaches than phishing, hacking or lost devices.”
This finding should be of significant interest to many businesses and perhaps an opportunity to re-evaluate accepted practices.
What can go wrong?
Stories of data breaches continue to hit the news, including reports such as “records were left on the roof of a car”, “a worker left a client’s records in another client’s house” and “wind scattered documents being carried by a staff member between buildings… 2 pages of a completed service application form were never recovered.” Other reports such as this one highlight problems including “administration errors such as documentation inadvertently left in a printer, documentation mislaid, an e-mail inadvertently sent to the wrong recipient” were some of the issues involved.
According to the DPC report “Since May 2018, the Data Protection Commission has commenced 24 Statutory Inquiries into multinational technology companies, in addition to Supervisory engagement which resulted in the postponement or revision of six planned big tech projects until such time as they could be reconciled with data protection requirements.” Its clear from this report that the DPC is actively investigating a high number of issues.
In fact, according to their report, the DPC has received almost 12,500 breach notifications, of which 93% were found to be in scope of the GDPR. The report goes on to suggest that “many of the breaches that the DPC examines could have been prevented by more stringent technical and organisational measures at source, which is a learning that the DPC will look to reinforce going forward.”
It’s clear from these and many other examples that some older ways of managing personal data and documents need to change.
But we’ve always done it this way!
Leaders in an organisation need to be wary of the “we’ve always done it this way” mindset. Resistance to change can come from a place of fear, especially if staff feel they may be overwhelmed or unable to understand a new technology. In many cases, it may seem easier to just stick with what you know. The problem is that the business world and operating environment around you does not remain static and one day you might find the older ways of doing things are not only unacceptable to your clients and customers, but actually place you at a serious disadvantage compared to more advanced competitors.
As businesses and staff all struggle to cope with the increased stresses and demands of operating in the current Covid-19 pandemic environment, it may be tempting to think that processing procedures are not the highest priority now. This could be a very costly mistake however, as the report mentioned above shows. In fact, there is no better time to stop and take stock of the way your business is operating. One of the consequences of the pandemic will be the increased adoption of data-enabled services and digital transformation in the workplace. As workers and businesses adapt to remote working and different staff and customer practices, this is the ideal time to ask the question- “How can technology help us to do this better?”
Leading a change program
The first step is to recognise the changes in the outer environment and fully understand the need for change
Once you have established the need for organisational change and decided to move towards improved processing structures and workplace digitisation, it’s really important to select people to lead the change. In a way, finding the right technological solution can be the most straightforward part of the whole effort, whereas changing attitudes and behaviours can be considerably harder sometimes. This is why it’s vital that there is a top-down commitment to making the workplace more digital and that leadership comes from senior management.
A key element is to identify the necessary tools to make change easier and most efficient. When you are looking at a new supplier or process, ensure that they offer complete training and support for the effort. You want to work with a vendor that regards the transformation as a partnership and is fully committed to providing whatever support is needed.
The next step is to win the support of the organisation’s employees on the change. Communication throughout the process is essential so everyone understands the reasons for the change in work practices and the expected benefits. This is also where top-down commitment is so influential. You could end up going through the whole process of evaluating and buying new tools or software only to later find people are still sticking to the simple tools they know and you’re not getting the benefit from all that outlay.
Finally it is vital to allow employees the opportunity to get adequate training and support as they transition to a new way of working. It’s obvious that the most brilliant technology is going to be ineffective if staff are not skilled enough to use it.
Here at PlanetVerify, we have worked with various organisations to help transform how they manage the collection and verification of personal data from employees, clients, and customers. We are always happy to provide training and support as long as required to eliminate the ‘fear factor’ of new technology. We also focus on making the user experience as intuitive as possible, so both enterprise and end-user can quickly adapt.
If you would like to know more, please get in touch to book a 15 min online demo of the system here.