It’s May 2018 and everybody is talking about GDPR. You would think that awareness is the last thing we’d be needing more of, but delivering training in this area is something I’m passionate about and am spending a lot of time doing.

Training is something that the Information Commissioner’s Office specifically mention as being essential for compliance and is one of the first areas of assessment in their investigations. Hopefully it’s something that every organisation is rolling out and making a real difference.

But sadly, the positive impact of training is often temporary. People return to their busy day jobs and carry on as before. Not much has really changed. But at least there’s a tickbox on a project plan somewhere that has, “Deliver GDPR training” with a big tick in it. And that makes people compliant right?

Clearly not.

It’s easy to lose sight of the real goal here. Training is not the objective, good data handling is. We want people to think and behave a certain way, every day, and training is only a small part of that. But dictating an organisational mindset is no easy task. As the famous Management Consultant Peter Drucker said, “Culture eats strategy for breakfast.” If your organisation is like those you’ve seen in the press recently, being investigated by the ICO, then you’ve an uphill battle on your hands.

One of the things that impressed me most upon joining the team here at FSL is the respect everyone has for the data we hold. Whether they be business analysts, software developers or product testers, they know these financial records represent the world to their owners and so give them the rightful care they deserve. And it’s no accident. I’ve since learned that this culture of data protection has been nurtured over many years throughout all aspects of the business.

Building a good culture is one thing, but maintaining it is another, and we’re investing heavily in continuous improvement, with my appointment as Data Protection Officer underpinning it. This is a never ending task. Systems change, people change, and threats change and we have to keep staying ahead.

A question I’m often asked is, “Why bother?” And it’s a fair question. If you can get away with cutting corners then why wouldn’t you? On a purely business level this makes sense. But for us it’s not about that. It never has been. We go the extra mile because we think it’s simply the right thing to do. This is our culture and it’s one that we’ll work hard to maintain.