How to forge a strong GDPR learning campaign
3rd April 2018
We’re just weeks away from GDPR (General Data Protection Regulation) coming into effect. But, if you’re still unsure about the best training strategy to make sure everyone in your organisation is ready, you’re far from alone.
The recent events at Facebook are a wake-up call to anyone who believes data protection isn’t important and that implementing measures to meet the regulations is something that can wait.
GDPR tightens existing laws and provides added data protection safeguards for individuals, so organisations need to be as watertight as possible. You’re not just safeguarding data, you’re also safeguarding your reputation and people’s trust in you.
GDPR requires ‘data protection by design and default’. So it’s not just about processes, it’s also about providing training and awareness for colleagues. With something as significant as this, the training can’t simply be a ‘one and done’ exercise. Employees will need ongoing support.
Smart companies are adopting a ‘holistic’ approach to GDPR training, using a multi-discipline learning campaign to get everyone on board at the start and to create a compliance culture for the long-term. With GDPR, it’s advised that everyone, including HR, L&D and even the Board undergo the training alongside employees.
The anatomy of a GDPR learning campaign
An effective learning campaign has three phases:
Physical symbols in the workplace environment, like posters and banners, are great for signposting in a positive way that change is coming. Most importantly, it’s your chance to let staff know they will have the support they need to move through the change successfully and confidently.
The ‘go, go, go’ phase, where the big push of the learning goes live. It’s a good idea to get this phase under way with a launch event because it grabs attention and inspires enthusiasm. The launch is followed up by a variety of tactics to keep people motivated while they’re learning.
This phase is particularly important for ongoing topics such as GDPR. You don’t want the learning to slip from minds, with the potential risks involved in the event of a lapse. Again, signpost refresher sessions clearly, so staff know this is part of the same learning campaign.
"You’re not just safeguarding data, you’re also safeguarding your reputation and people’s trust in you."
Activities that work well in the three phases
You want to kick start the campaign in a way that engenders ‘buy-in’ from employees, so banners, balloons and social media are all good tools to make an impact during the preparation stage. At the same time, team leader training will give them the knowledge and skills they need to be able to support their teams through all the phases of learning.
One of the advantages of a learning campaign is that during the activation phase, you can include a range of activities that keeps the learning fresh and has a ‘something for everyone’ feel. The mix, for example, could include daily learning hubs, microlearning, practice, coaching and a learning game.
A game is a particularly powerful tool for the activation phase of a learning campaign because it offers a user-friendly way to engage people in a complicated topic, such as GDPR. Through the game play people learn and practice what they need to know. Sponge has developed a game specifically for GDPR, which is suitable for all low risk employees. GDPR – Sorted! is experiential, allowing players to apply their knowledge and make decisions that mirror real life GDPR challenges.
The sustain phase will keep the learning going throughout the duration of the campaign, with activities such as continuous reinforcement and coaching. Topic refreshers every four to six weeks also help to instil the learning. Appointing GDPR champions, who can answer questions and motivate colleagues, helps to maintain the momentum.
Finally, measuring success and proving impact should be an ongoing commitment in the campaign. Choose the tools that enable your organisation to measure people’s growing knowledge on GDPR, their behaviours on the job and how this affects data protection and compliance in the business.
The introduction of GDPR on 25 May will affect all organisations and all staff to a greater or lesser degree. Using a carefully constructed learning campaign with a variety of activities over time is the most effective way to ensure everyone understands what they need to know.
For inspiration, take a look at how a blended learning campaign by Sponge transformed customer satisfaction results at AXA Business Insurance. Customer advisors at the company’s contact centre in the UK took part in the triple award-winning Inspiring Customer First learning campaign in 2017. Positive customer comments and top-rated calls both doubled, while formal complaints dropped by 24%.
The workplace challenge might be different but the anatomy of the campaign is the same.