With 25 May 2018 fast approaching, the pressure to get your GDPR compliance training in place is mounting. But, for once, Google isn’t much help. A simple search for ‘GDPR training’ yields nearly 3 million results in less than a third of a second. Narrowing the search down to ‘GDPR training London’ only halves that number of results, still leaving us with 1.5 million options to wade through. How do you know where to begin?
“You don’t have to be an Ad to work here, but it helps” — how Strategic HR will be the new Don Drapers
As HR moves from the operational to the strategic there are going to be changes.
HR is now responsible not only for the operational needs of payroll, reward and recruitment, but also for growing the greater brand culture.
Culture is of course all-important from a compliance perspective. From Travis Kalanick at Uber to Trafigura dumping toxic waste in the Ivory Coast, movements fail not because the controls were too lax but because the value culture was absent amongst the worker population. Likewise, I would say that for compliance breaches, reporting and process failures are not entirely due to ignorance, but because employees don’t feel responsible. You can’t police every infraction. You’re going to need strategic methods of improving compliance.
Modern slavery is still a huge ongoing global issue, with 20 to 30 million people still estimated to be enslaved in 161 countries worldwide, and 20 new suspected victims found in the UK just this morning.
The Modern Slavery Act 2015 requires all businesses with a turnover of over £36 million to publish a statement setting out the steps they have taken, during each financial year, to ensure that slavery and human trafficking are not taking place anywhere in their supply chains and in any part of their own business.
It’s a small step towards greater regulatory control and awareness of modern slavery. However, the current issue with modern slavery reporting is twofold. Firstly, added documentation is often used as a salve for insufficient understanding resulting in additional paperwork being created, but little impact on-the-ground. Secondly, accountability tends to be pushed down the supply chain, with confirmation of good practice being asked of the next in the chain until we reach those with no interest in acting honestly, or who simply don’t care.
Learning could address both these issues of understanding and passing the blame, but it isn’t being used to do so. Here’s how it can, and why it should.
As a teenager I applied for a job as a cashier at a major high-street pharmacy. The first round of assessment, with compliance in mind, was an online quiz on good practices and ethics. We had thirty statements and had to give a true or false answer to each. One of the statements was:
True or false: “It is always wrong to steal.”
Quite a stupid question to offer a generation that grew up on Aladdin!
And so, within minutes of interacting with an employer I was being trained to lie to them. Rather ironic for a test designed to ensure quality of character. In comparison, I applied for a similar position at a popular British department store. They had an excellent test that put you on the shop floor with day-in-the-life challenges. I tried to follow the same line and rightly failed. Their ethics test was good, it filtered for dishonesty and heartlessness.
And yet, even as good Instructional Designers, we all too easily fall into the trap of writing compliance interactions like this:
Many of us, after what seems like weeks of eating, drinking and being merry will vow to start the year with a healthy new outlook. Resolutions to ‘cut out wine’, ‘eat more veg’ and ‘start jogging’ will be flying around. Many of these will have been given up on, if not completely forgotten, by January 15th.
So I’m here to make 2017 the year that you stick to at least one resolution, because I’ve got some really great, easy ones for you to put on the list. I give you –
Emily’s Learning Resolutions
I have a friend called Ed. He is smart, alert and doesn’t try too hard to be funny. Separate to this, he is a Reinsurance Analyst. No-one knows what a Reinsurance Analyst is, few care to find out. This creates a quandary because he likes his job, it’s interesting and he wants to talk about it. But it’s hard, because there are few ways to sell Reinsurance analysis without trying too hard to be funny. Few listen.
It’s 7:05, you left the house two minutes late, struggled with your keys in the door and have just got to the end of the road to see your bus heading towards the bus stop at a startling rate. You have two options here – your survival instincts kick in – it’s fight or flight time. Instead of waiting for the next bus and risking being late for work you choose the latter. You set yourself the target, “if I can get there in the next six seconds, I will make it and the rest of my day can run to plan.” So you run, legs flailing and briefcase akimbo, feet pounding the concrete. You see the queue of people lessen and you know that any second now that plastic door will shut and your dreams will hit a harsh reality. But no! The adrenaline pumps through your body and pushes you just that little bit faster and you slam your hand out just in time. You made it! The driver laughs, your fellow passengers woop and applaud. As you make your way down the centre aisle, school children, ladies with prams and pensioners high five you and congratulate you on your achievement. Well…not quite, but it feels pretty good to set short term goals and achieve them doesn’t it?
It’s almost the end of the year. Soon, you’ll be enjoying some down time with your family and friends, and having a break from your manic routine! You really need it, especially as last week, you had the mother of all incidents at your company when someone managed to send a data file of all your customers to your supplier. That was more than a cold shower, given all the time and money you’d spent on your compliance training strategy! And now, you have to find an appropriate solution to cope with the first visible disasters that have arisen, and all before the office closes this Thursday….
If this sounds familiar then I might be rubbing salt in the wound here, but there’s at least three ways you could’ve avoided this.
It’s Monday morning in the busy life of a compliance officer. Fresh off a great Strictly weekend (you still can’t get over Helen’s exit) you are absolutely raring to go, ready to attack the week. As your monstrously slow machine turns on a flood of emails appear. There has been a breach, the mother of all breaches, the Titanic of all breaches. “How has this happened?” you wonder aloud, “we’ve just rolled out a suite of information security elearning!” “We’ve blown most of the compliance budget on these courses” a nearby colleague mutters grimly.
With seemingly a breach every week since October, I’m sure this is a scenario that has played out in many organisations. But the fact is information security is changing.
No, the answer’s not having a very good lawyer or an alert public relations officer. The rules to the game have changed!
The Environment Agency has grown a sharper pair of teeth. It has recently used its new sentencing powers against a utilities company to make a statement:
- Fines for environmental breaches are now going to be much, much higher…up to a 100% of a company’s pre-tax profits!
- No excuses will be accepted. Companies should allocate means to prevent or fix any environmental issues their business may face, no matter their size or financial situation.
- Self-monitoring and inspection checks are no longer the only means of reporting incidents. The general public has access to a 24/7 hotline.
We’re used to seeing dramatic depictions of corporate misdeeds in Hollywood movies. But usually the focus is more on a black and white moral message than on the mundane reality of business processes. The bad guy gets his comeuppance at the end, but what you don’t get to see is the two thousand page report put together by the regulator. The harsher sentencing guidelines highlight that the consequences for companies getting things wrong aren’t the same as in the movies, but they’re very real nevertheless.
Nothing can quite disengage me as much as being forced to complete a task, when I can’t see the point of it in the first place.
That’s how I used to feel when I had to wake up early on a Saturday for the dreaded “Spring Clean”. Two things used to bother me about this. Firstly, it was just as likely to happen in November as in April. And secondly, I couldn’t, at the tender age of 7, see the benefit in it for me. Why was I cleaning when I could’ve been playing football, riding my BMX or better still playing even more football?
That’s how I think most people feel about compliance training. Even the word itself removes choice from the equation.
So how then do you engage learners from the outset and throughout? How do you influence a learner to choose to be impacted?
Enter Dale Carnegie. Not literally Dale Carnegie, but his book “How to Win Friends and Influence People”. The book sets out a framework for people to become better influencers in their workplaces, schools and homes. But why is this relevant?
It’s that time of year again. Good food, apocalyptic weather, spending time with the family and finally getting the tablet you’ve been dreaming about. But it can also be a risky time for many organisations. Putting the office party compliance ‘nightmare before Christmas’ to one side, there also is the issue of bribery.
As compliance managers and training managers will (hopefully) already be aware, the Bribery Act 2010 will be coming into effect on 1st July this year. That means the clock is now ticking – there are less than three months left in which organisations can train their people to ensure they and the business stay on the right side of the law.
Compliance training has a bad reputation for being little more than a box-ticking exercise. But here at Saffron we believe it’s absolutely possible to create effective, engaging training that achieves both competence and compliance. Read on for our top five tips for breaking the mould and delivering gold standard compliance training every time.
A couple of days ago I read with interest Clive Shepherd’s latest blog post in which he refers to his recent experience on the other side of the fence, as a student rather than designer of compliance e-learning. He draws the conclusion that it’s hard – if not impossible – to create something that achieves both competence and compliance. This is a topic we’ve broached before on the Spicy Learning Blog and I admit my thoughts on this are perhaps half-formed (or, more accurately, ever evolving), but I’m not entirely sure I agree with Clive…