
momius - stock.adobe.com
GDPR prompts businesses to use motivational tactics to drive culture change
Impending arrival of General Data Protection Regulation pushes organisations to use rewards or penalties to motivate staff to ensure compliance
Organisations are planning to adopt a carrot-and-stick approach to driving a change in employee attitudes to data management, according to research.



Infographic: 6 emerging trends in security
Download this infographic to discover 6 emerging trends in security that cybersecurity pros - and their employers - need to prep for in the next year. These ideas are taken from a keynote by analyst Peter Firstbrook at Gartner Symposium 2018.
In a survey of 900 decision-makers across eight countries by information management company Veritas Technologies, 91% said their business lacked a culture of strong data management.
However, as implementation of the EU’s General Data Protection Regulation (GDPR) draws closer, 88% of respondents said they planned to use contractual changes, penalties, rewards or educational training to motivate a change of attitude among staff.
The GDPR, which comes into force in May 2018, is designed to improve transparency about the data stored by organisations and to safeguard customers’ privacy.
According to the survey, the most popular method used by organisations to drive change was to add compliance to employee contracts (47%), followed by implementing disciplinary action if the regulation is disobeyed (41%) and educating employees about the benefits (40%).
Jason Tooley, vice-president of northern Europe at Veritas, said it was “refreshing” to see organisations understood the need to reward staff for GDPR compliance. “The introduction of GDPR is quite possibly the most challenging cultural change any organisation will experience as it impacts every employee, regardless of their job role or title,” he said.
The survey also found that 95% of decision-makers expected a positive outcome from compliance and 92% thought they would benefit from having better data hygiene.
Tooley said data hygiene needed to play a key role for organisations to ensure their stored information is mainly or totally error-free.
Read more on GDPR compliance
- Five common misconceptions from IT suppliers and customers about GDPR compliance.
- Veritas adds a new tool to its Data Insights analytics application, which uses artificial intelligence to identify potentially sensitive data.
- Businesses do not only need to be compliant with GDPR, but need put data protection at the heart of their business strategy.
“Mandatory contractual obligations are a good start to ensuring every employee understands the data policy and stay compliant,” he said. “However, to motivate change for good, businesses need to make data hygiene a daily habit. This means ensuring employees have the right tools and training to support their data management needs.”
In the survey, 68% of respondents said compliance would give them a better insight into their business, which could help to improve the customer experience. The same percentage thought compliance would save money, and 51% agreed they would be able to secure data more efficiently.
Tooley said GDPR compliance would create better customer relationships and, as a result, better brand reputation for businesses. “GDPR strengthens customer relationships and enables organisations to hire more people to deliver better customer services,” he said.
“The ultimate reward for those who take real steps towards compliance will be increased revenues, resulting from improved customer loyalty, heightened brand reputation, and competitive differentiation in the market.”
Start the conversation
0 comments