Firefighting and GDPR
Let’s take a break from our GDPR for Charities series to look at something that I believe is important to talk about but is usually ignored – but not for long as far as the protection of data is concerned.
No, I am not talking about fire engines, fire fighters and health and safety drills. I’m talking about a very familiar scenario that happens in most offices up and down the country. Yes, I am talking about the numerous “fires” that are dealt with on a daily basis.
Ok, analogies aside, let’s see if this is a scenario you are familiar with. You are on your way to the office and have mentally made a list of things you need to do for the day. The first hour goes by uneventfully and you even manage to get a couple of emails out. Then all hell breaks loose! There is some issue that needs your immediate attention. Begrudgingly you address the issue. You know what the problem is and have informed your stakeholders what action needs to be taken to correct the issue. Convinced you’ve done a good job in containing the problem you go back to your work. Before long there is an important report that needs to be produced and needed to go out yesterday. You are tasked with completing the report to keep the client happy when suddenly there is a call from another stakeholder. This time it is another issue that you had dealt with two weeks ago. Since you’ve already sorted the issue out before you know how to contain this new occurrence of the same issue, you sort it out and inform your stakeholder what needs to be done to correct the root cause of the issue. Your stakeholder as always agrees that something must be done but does not allocate any resource to correcting the issue. In the meantime the time available for you to complete that report is running out. You finally sit down to complete that report when the stakeholder who gave you the report now needs an amendment to the data based on a last minute request from their client. Does this sound familiar at all? If not, then consider yourself working in a company that has a good infrastructure. If on the other hand this sounds like your average day, you are working in a company that has a firefighting culture.
“Firefighting is the emergency allocation of resources that is required to deal with an unforeseen problem.”
It’s a common misconception that “fires” are unpredictable and that they must be dealt with immediately. However, a too-frequent need for emergency action may reflect poor planning, or a lack or organization, and is likely to tie up resources that are needed elsewhere.
The vast majority of daily interactions between the frontline and their managers revolve around events taking place that day. Anyone who has experienced these interactions can recognize that the intense focus is always on today’s fire with little or no regard given to what will happen tomorrow, next week, next month, or next quarter.
This firefighting mentality can only have one of two outcomes. Either the fire is extinguished or an excuse as to why the fire cannot be extinguished. Either way – the actual cause of the fire is not being dealt with. Most managers can see that this frenzied approach is undesirable, but are often frustrated when their initial attempts to change it fail. Usually the fire-fighting culture has become so ingrained in an organization that only a radical change in behaviour will produce a lasting change.
This is where GDPR comes in. In a post GDPR world, as far as data protection is considered – you are bound to fail (or end up paying hefty fines) if your organisation uses a fire fighting approach. GDPR is unforgiving when it comes to personal data. Not knowing where the source of your fire could prove to be a very expensive gamble.
So, while you won’t put up with a firefighting culture in real life (it simply is not a sustainable business model), why then is it ok to think that you can deal with GDPR like it is another fire. GDPR is not a fire but a firestorm. So to be prepared for it, you’ll need to be in the process of implementing your data protection guidelines now.
Address the root cause and your fires will slowly but surely reduce (if not fully go away).
Here’s where we can help:
Totale Learning create bespoke GDPR solutions (consultation, training and development, etc.) that is tailor made to your business. Our experienced consultants will help you through your GDPR process and when required, we’ll use specific training content that is relevant to your sector, industry and company. Get in touch with us at firstname.lastname@example.org or visit www.totalelearning.com. You can also contact us on LinkedIn, Facebook or Instagram.