GDPR – it’s a Culture Thing

Published on: 27th July 2018

One of our directors had an interesting experience yesterday.  He was in a well-known high-street supplier of medical services (name withheld to protect the guilty) and was being asked a series of preliminary questions by a junior member of staff wielding an iPad.

At the end of the questioning, he was asked ‘because of GDPR’ to confirm which methods of contact he agreed to, and whether he was prepared to accept marketing information (he said No to that one).

All fairly typical stuff these days – except that the whole exercise struck him as somewhat farcical.  It’s all very well asking a couple of questions ‘because of GDPR’ at the end of the process, but he’d just had someone verbally confirming his date of birth, home address and other potentially more sensitive data in an open-plan waiting room.  Within a few minutes, he was unwittingly aware of the exact age and pertinent details of a couple of other waiting customers.

This is a classic example of completely missing the point of GDPR.  It isn’t just about consent for mailing lists and a tweak to your privacy policy – it’s about changing the culture of your organisation so that respect for the privacy of personal data is baked in to everything you do, on or off the technology.

If you're looking to improve your GDPR/DPA18 compliance in your organisation, take a look at our PYXI for GDPR software which is designed to help.

PYXI GDPR Team: 27th Jul 2018 10:05:00