How to Create a Data Privacy Culture in the Workplace with the help of the GDPR?

Nov 8, 2019 12:00:00 AM | How to Create a Data Privacy Culture in the Workplace with the help of the GDPR?

When the adoption of a new European privacy regulation has began back in 2016, it has raised a lot of questions and uncertainties. With it’s full enforcement in May 2018, the speculations have come to an end, and now after over a year since it’s enforcement, we are able to see the first effects of the GDPR. While many businesses first saw the regulation as a potential obstacle, since then, numerous business benefits have come to the surface deriving from the GDPR, as well as a significant impact on our society’’s approach to privacy. In this blog post we will go through these benefits and how these can help you create a business culture around privacy.
culture shift gdpr

Why the GDPR strengthens business

A key benefit experienced by businesses since then is that they are able to create customer and business transparency throughout their operations, an aspect that is increasingly becoming important to consumers The GDPR’s introduction therefore was not only a consumer data safeguard that businesses would need to adhere to so that they would avoid fines, rather it opened up opportunities to better business productivity, transparency, efficiency, and contributes to an overall improved stance on how things are done. 

But how did the regulation create a culture shift centered around data privacy that not only resonates within the general public, but has major implications for the core values of businesses?

The general public has pivot to a more data privacy centered culture

Due to the transparency around data protection through the GDPR, consumers today have a much higher awareness on how their data may be collected, how it is processed, and the purpose of collection and processing that data. This has naturally implied pressure on businesses, not just by the regulation itself, but by the consumers and the clients they work with. Data protection watchdogs and NGOs working towards data protection are also more active today than ever before, keeping a close eye on businesses and their practices in regard to data management.

Not all companies welcome this culture shift


Many businesses still struggle to incorporate the GDPR ́s values with that of their own. In fact, since the introduction of the GDPR, a study done by McDermott Will & Emery in September 2019, revealed that from the 1,263 organisations, only about 30% of companies considered themselves GDPR ready. Not only are businesses that remain unready put themselves at risks of financial and reputational penalties, but they also hold themselves back from the many benefits of being GDPR compliant can bring.    

The positives of embracing the culture shift

If a business only sees the GDPR as an operational “obstacle”, the very importance of it wouldn’t have the priority it evidently requires from all departments. As the growing number of fines and penalties increases over time, it has become apparent that companies that are less committed in being compliant are at greater risk. 

Whereas companies who do take the measures seriously, result in having a higher level of trust, reputation and the overall business stance that may differentiate them against competition. A further awareness around the importance and value of data continues to drive customers to care more about how and why their data is being used. As customers are more willing to share this data to businesses who are transparent, more and more companies are taking this into account and putting the value of customer data in before their strategies, which as a result has shown significant positive outcomes. Creating an overall atmosphere where employees take further responsibility towards this value is the key to embracing the culture shift. In the words of Elizabeth Denham (the UK´s Information Commissioner) “organisations must better protecting the data of citizens and consumers and a change of culture that makes deeper data protection accountability a focus”. 

As data becomes the new oil in the current digital economy, companies may need to consider different approaches which might require a need to change the way things are done. Seeing this as an opportunity, rather than a threat would be the right way to slowly pivot. Implementing the appropriate principles according to the GDPR, designing ways on how to combat the likelihood of a data breach or a data leak and at the same time maintain the core business values will make way for improvements such as:

Being more aligned with technology and software
Storing and gathering more valuable data through consent and opt ins
Ensure the security of sensitive information

Creating a data privacy culture within your business


Creating a data privacy centered culture in the workplace isn’t a task that's done overnight, nor is it a task that can be achieved on an individual level. Creating a data privacy culture will need the involvement of all employees, and all departments. Focusing only on the bare necessities to comply with the GDPR may not be enough

Pointing out the benefits, the values, the reasons behind why it is the way it is, and taking the time to practice this sense of respect around personal data internally could be a good way to further push for a shift towards a culture evolving around data privacy. It is important that privacy compliant measures are taken both externally with consumers and internally between parties in the workplace which will push each department within to understand the opportunities it opens up as well as the dangers of not keeping it up.

Inspiring parties within the business through these measures will eventually create a sense of urgency and the overall aligned view of data privacy values. Though it may seem like a lengthy task, the benefits will surely come through. An example to such a practice could be how businesses now have to regularly keep online marketing tactics aligned with the GDPR, by making the extra steps needed to ensure that compliance becomes a habit. To know more about how you can create this sense of urgency around the importance of data privacy, have a read of our Whitepaper, laying out a detailed step by step guide on what actions can be taken. 

The culture pivot is an opportunity, just as the GDPR is

Companies may need to make this pivot before they are forced to do so. What is important to note here is that being GDPR compliant should not be seen as just another task that the businesses must deal with. Rather, it should be seen as a growing opportunity to further explore the way they can improve external connection (with the general public) and improve internal connection as well. Businesses that take time to prioritise the necessary steps to strengthen their compliance, may indeed change the view of the GDPR from a threat into an opportunity.