GDPR – The Culture change bit

Aside from the amount of work involved in preparing for GDPR last May, one of the big challenges is the culture change required to keep up the compliance momentum.

While we were working through all the analysis, risk assessment, actions and documentation last year you get a feel for those that are right behind you in achieving the objectives and those who just want you to go away. In my case mostly the former thankfully.

I’m sure we all go through internal audits of one form or another, it seems to me now (9 months on) is the time to bring in the audit teams to review our ongoing compliance and ensure we are not suffering from human nature/culture whatever you want to call it. We are certainly going through that process with Audit.

I would welcome Audit coming in. Don’t take that as an arrogant statement about compliance, its not. It’s mostly about the culture thing and peoples tendency to slip back into old ways. It’s about being complacent. People do tend to sit up and listen to Audit especially if the boss gets hauled over the coals and he/she becomes a red pen action on a report heading up the line. Oops, Culture!

I’ve listened to/learned from numerous discussions with peers considered to be experts in the area. Their response is usually: if you think you are fully compliant, you are probably kidding yourself.

We are just seeing the first actions being brought under GDPR, not mentioning any names. There are also cases being reported out of the headlines where the ICO will be reviewing particular organisations data protection practices. It’s clear this is moving into a higher gear now. It was also interesting to see how the data protection organisations worked together to determine which would bring charges in the major news item recently.

For anyone out there who wrongly thought they had a ‘grace period’ after May to achieve compliance it’s time to wake up and smell the coffee. I’ve certainly had first hand accounts about organisations who have done nothing and were waiting for the first legal cases.  Did I mention Culture.


Please have a read of our new blog entitled “I could have saved a million quid!” along with an invite to come and see the Sogeti Studio.

To learn more about the services we offer around GDPR, Data Security and Data Management please give us a call, as an introduction have a look at the appropriate sections of our website.

  • Andrew Crouch
    Andrew Crouch
    Managing Consultant
    +44 (0) 7786986284
  • Sogeti UK
    Sogeti UK
    Make an enquiry
    0330 588 8000
Print Email