When It Comes to GDPR, Human Error May Be the Greatest Risk Companies Face
Your company is preparing for the implementation of the General Data Protection Regulation (GDPR) by changing its security policies and procedures this winter, and as the manager of a department in a large organization, you’re nervous.
Because you work at a company in the private sector, the employees in your department have never had to report information breaches before. Now, however, your whole staff must know how to spot a data breach, and must know how to report it.
The stakes are high; come May 25, 2018, your company must report all data breaches to the correct authority within 72 hours of someone in your department noticing the breach, and must promptly notify any individuals whose data has been compromised.
If those things aren’t done, the whole organization can be fined up to €20 million, or 4 percent of global turnover, whichever is greater. And that’s just one major policy change. New changes are coming down from the C-suite every week, it seems. How do you make sure that your staff are compliant? You email them about every change, but you suspect they’re not reading your messages.
Human error, information overload, and GDPR
Human error is one of the biggest risks companies face when it comes to GDPR compliance. While many of the changes mandated by GDPR, such as encryption, will be automated, other important sections of the regulation require employees to be trained.
Staffers will need to read, understand, and apply the information in each internal message they receive about consent and data subject rights.
But how do you make sure that 100 percent of employees see, open, and remember 100 percent of the information they are sent about GDPR and security? Your employees are probably not reading every internal communication that’s sent to them; they are overwhelmed by email as it is. The average employee spends 28 percent of their work week managing email, and they tend to prioritize external email; according to APPrise, 30 percent of employees ignore internal communication.
That’s dangerous for companies that disseminate GDPR information via email; even if most of your staffers do open and read your compliance-related messages, it only takes one or two employees ignoring a message about proper reporting protocol to put an entire organization at risk.
Getting your message through to everyone
So how do you make sure important updates are read by everyone? Harness the power of conversation. Chatbots and collaborative work platforms allow you to measure read rates and deliver important information directly to every employee. (A chatbot can also deliver reminders to employees who haven’t read important information.)