As part of his regular blog counting down to the introduction of the General Data Protection Review (GDPR), Chris Hunter of HM Network compares feelings towards GDPR to those from the 1990s when Food Hygiene legislation was brought in.
GDPR is a good thing. It’s to help subjects like you and I take control of our data and have more rights about how our data is used. However many businesses are taking the opposite view about GDPR, saying it is an unnecessary hassle and a lot of work for no reason. I believe this view is incorrect. The regulations are being put in place to protect people’s safety and privacy. That includes you and I; we are all subjects.
When I was at College many moons ago, I had a part time job in a popular student pub called the Adelphi in Preston. My Dad was the Landlord there for many years. I did ‘on the job’ training doing my NVQ’s which would enable me to become a Bar Manager.
In the 1990s I remember doing what is often referred to as my “basic food hygiene” certificate which teaches you about the do’s and don’ts of handling and storing food products. I recall when the new legislation came out, many businesses were complaining it was all unnecessary work and a hassle. It turned out to simply be best practice and no one now would ever think of going back to those unhygienic days again.
Obvious things like making sure you wash your hands. Keeping raw meats on the bottom shelf so that they could not leak on items below. Using different coloured boards to prepare veg, raw meat, cooked meat, dairy, salad and so on. Obviously, understanding how to handle certain items properly helps you comprehend why the procedures are in place. Safety, to reduce risk of cross contamination, and ultimately reducing the risk of making someone ill.
OK so I can hear you say “how on earth does GDPR relate to food hygiene?”. If you think about it, organisations need to train their staff to comprehend why data privacy and the handling of data is important. To understand the risks of data falling into the wrong hands or being misused. To understand how cyber attacks/cyber crime can expose vulnerabilities and data can be leaked.
This is analogous to handling foodstuff – it helps visualise why procedures are in place. At first, making changes might take you a little longer to carry out a task but with practice and over time it doesn’t become a chore, it becomes part of your routine to ensure best practice. It becomes part of your company’s culture.
Cleansing procedures and storage policies are common in both food prep and data too.
Regular training and changing cultures in a business is key. Maintaining regular interaction with staff to make sure that they stay up to speed with current requirements, and that you can evidence they have done the necessary training is vital. If you get an inspection, you should be able to demonstrate what training has been given, who has done it and when.
Back to the food safety analogy
The Lancashire Evening Post run an annual report on how Preston’s pub, restaurants and takeaways score when it comes to food hygiene. This is in the public domain and is a record of businesses who clearly take pride in what they do and shames those who have less regard.
This information also needs to be displayed in the business’s premises. Being able to see how a venue scores on food hygiene gives customers an insight into how a business is run, how clean they are and how seriously they take their customers safety.
If you had the choice of two restaurants close to each other, one of them displays a Food Hygiene Rating of 1 and the other rating of 5, my guess is that you would choose the venue with a 5 as they work to a high standard and you should be at less risk of food poisoning than a site that blatantly has less regard for its customers welfare.
Venues with higher ratings use them as a status symbol, and quite rightly so. They should be proud that they score well, they run a clean operation. It can be used in marketing to attract customers. Venues with low scores still need to display them in public view, but I am sure they are less likely to brag about a low rating in any public facing collateral or marketing.
What you spend on getting staff trained, you more than make up for with customers through the door and money in the till.
Apply these same principles to GDPR, cyber security and data protection in general.
Just like complying with food hygiene, ongoing training and easy to digest modules over time makes training easy to manage. The little by little approach helps get your business up to a good standard, and maintain that standard.
- Get your business up to speed.
- Assess where your business stands at present
- Prioritise what needs doing first.
- Get your staff trained.
- Keep records of training and what you are doing towards becoming GDPR compliant.
- Regularly review and repeat.
Be proud to tell your customers that you take their data safety and security seriously. Over time it will most likely pay off with increased customer confidence and loyalty.
If you have any questions about what has been written here or want an informal chat about bite-sized staff training on GDPR and cyber security, please get in touch. We will always do our best to help.
Search hashtag #GDPRexpress on social media channels.
For news of our free upcoming GDPR awareness sessions and our “Social” events please see our eventbrite page https://www.hm-network.com/events/
If would like a further information any of the areas discussed in the blog posts, want us to put you in touch with specialists who can provide training or simply want to chat about connectivity you can email us at firstname.lastname@example.org
Or call 03333 444 190.
Also published at Boost https://www.boostbusinesslancashire.co.uk/inspiration/36-weeks-gdpr/