Skills gap could impede GDPR

by Mark Rowe

Guy Marson, Managing Director of data science and marketing services company Profusion, discusses how the digital skills gap will affect preparations for the General Data Protection Regulation (GDPR).

The UK is suffering from a near-chronic skills gap. That’s nothing new; it’s been going on for a while now and nobody can figure out (yet) how to plug it. Funnily enough, it’s not Brexit that is bringing the practical implications of the skills gap into focus for many companies, but the significantly less headline-grabbing General Data Protection Regulation (GDPR).

Under GDPR, your business will be one fat-finger moment away from a breach that could cost up to 20 million euros, or 4 per cent of global revenue. The legislation provides punitive fines for hacks, loss or misuse of data. ‘Misuse’ covers a multitude of sins, and employees lacking technical know-how will be in danger of running afoul of them every day.

To make matters worse, to prepare for GDPR itself, you’re going to need staff who are specially trained in data protection, data management and GDPR compliance. Because GDPR affects nearly every business, and thanks to the skills gap, these people are going to be in extraordinarily high demand.

For some businesses, it may make sense to nurture staff from within. A quick search online will bring up many different GDPR training courses you can send your IT team and other technical staff on to get clued up on the Regulation. Some businesses will require a dedicated Data Protection Officer (DPO). Again, these people are likely to be in high demand and pricey to hire. One solution to this is to get yourself a third party who can act as your DPO.

Then there is the issue of your other staff potentially leaking information, misusing data or storing it incorrectly. As part of your GDPR preparations, you should inform all your staff about changes to the way your company will have to handle and use data. Likewise, all staff should be educated on what constitutes a GDPR breach and how they should avoid it in their day-to-day work. Lastly, you should put in place proper data governance processes that every person has to follow.

As best practice, it’s worth doing a few different workshops with your employees to ensure the message really gets across. You’ll also have to put in place refresher and repeat workshops over the course of the year, to make sure the requirements stay fresh in people’s minds and to train up any new recruits. You’ll probably have to do several different workshops to cater for different technical abilities as well. A fresh-faced graduate who has grown up around computers is going to understand GDPR readiness a lot differently to someone who isn’t as confident with technology.

Between finding yourself a DPO and training all your employees in GDPR, it’s easy to forget about getting your data infrastructure and governance up to GDPR standards as well. There’s little to no point in getting your staff GDPR-ready if your data management system isn’t anywhere near compliance.

When setting out to prepare for GDPR, you should take a long hard look at your data infrastructure first, before starting on those staff workshops. That said, you could have a bit of a chicken and egg situation on your hands if you don’t have the correctly skilled staff to do an audit on your infrastructure and data in the first place. Again, to save yourself the hassle of hiring someone last minute, it’s worth considering some third parties who can audit your systems for you.

There’s a lot to get done before the May 2018 deadline when GDPR will be enforced. Due to the skills gap, it makes financial sense to get going now. Come 2018 the skills gap will make it a sellers’ market, potentially making the cost of compliance too much for some companies to bear.

© 2024 Professional Security Magazine. All rights reserved.