Here at Softcat we're encountering a recurrent misconception that the responsibility for the new data protection regulation falls solely on the shoulders of the IT department. The reality is that GDPR compliance is a business-wide consideration that needs to be addressed by a number of different departments, with awareness raised across the organisation and active backing from the Board of Directors.
GDPR compliance stretches right across the organisation with involvement required from any department that processes personal data. Each of these areas will need to identify the role they play, carry out their own gap analysis and work towards the same deadlines and priorities. Departments need to understand that they are working towards a shared goal and that every person in the organisation has their part to play. Educating the business is the first step – to ensure employees are briefed and have the same, vital information.
Departments will have different responsibilities in achieving their GDPR compliance goal. Different steps will be required to get there and each area of the business will undertake their own actions. HR may need to deliver training to employees; Legal may need to look at existing or future contracts; Operations may need to work on the CRM or supplier database and there will be involvement and input from a whole host of additional teams. All these teams should sit on a working group to engage with each other and set a realistic timeline together so that everyone is on the same page.
Of course, there is an IT element to GDPR compliance and there's plenty of work the IT department needs to be doing. From security and data analytics to audit tools, there's an array of technologies that can help to automate and assist, but only once the groundwork has been done by other areas of the organisation and a plan put in place. GDPR should not be seen as an IT issue to fix, but rather a process that requires buy-in and action from many levels.
If your IT team is single-handedly struggling under the weight of GDPR, it's important that you raise awareness with the Board or senior management of your organisation. GDPR is an activity that involves the organisation as a whole and each member of every team needs to know about it. If it's being left to the IT department, a confident approach to your senior management or the Board is required. Advise them that a strong working group with representatives from across the organisation is necessary, with clearly defined roles and responsibilities, to ensure a smooth and efficient journey to successful GDPR compliance.
Softcat can help with this journey. We offer a range of services from a basic level of awareness and education, providing webinars and events, right up to a full consultancy including gap analysis and setting a project timeline.
We understand that the day-to-day roles of the IT team usually take priority and tasks like GDPR readiness can fall into the 'non-urgent' category. But we have seen that the best prepared organisations are those that deal with GDPR as a group, head-on and with realistic timelines.
Whatever stage you're at with GDPR readiness, we can support you. Get in touch using the button below or contact your Softcat account manager to see how we can best help.