Should you fess up about data loss? Your 5-minute guide!

This is a guest post by Patrick O’Kane, Data Protection Officer and author of the book, “GDPR: Fix it Fast!”

Saying sorry is fashionable these days. From philandering politicians to incompetent CEOs, it is often the norm to confess all when you throw yourself at the mercy of the public. Back in the Nixon era, politicians and titans of industry often kept their heads down and hoped it would all blow over. Often it did. No longer. We now live in the Age of Accountability. And there are new rules in place around ‘fessing up when you lose customer data.

As a barrister and Data Protection Officer for a Fortune 500 company, I have been advising businesses on these new rules.

Facebook have just come clean about the fact that up to 50 million Facebook accounts may have been accessed illegally by hackers. They have ‘fessed up to the 50 million users involved.

We can lose customer information in all sorts of ways: from leaving a laptop on a train to emailing customer spreadsheets to the wrong address, from having your customer website hacked to having your IT systems fail. These losses of information are known as “data breaches.”

Remember the GDPR that you kept hearing so much about earlier this year? Well, under GDPR there are new rules about when and how you must come clean when you lose customer information. If you break these rules, by not reporting such a breach or not reporting it quickly enough, then you could be in line for a major fine. The maximum fine for not reporting a data breach is an ulcer-inducing 2% of global annual turnover or £8.87 million.

My 3 tips for your business are:

1. You do not have to report all data breaches – There is a myth that…

When WOULD be a good time? Tricks for Getting the Business to Respond

We’ve all been there. It’s the fourth time you’ve contacted that manager about doing his training. You’re beginning to feel like a nag. But what can you do? The training has to be done, but he just keeps ignoring you. It’s maddening. You want to scream, “What’s the matter with you?!” Instead of getting yourself dragged into the human resources office with this shouted question, try one of the following questions instead.

When would be a good time to get started?

According to Phil M. Jones, author of Exactly What to Say: The Magic Words for Influence and Impact, using the words “when would be a good time” is a highly effective way of getting past the “I don’t have time!” obstacle. This is because, “you prompt the other person to subconsciously assume that there will be a good time and that no is not an option.” When you ask the manager when it would be a good time to get started, you’re assuming that he’ll be starting the training at some point, and his response should commit him to a timeframe.

When shall I check back in with you? (…)

Are your Comms in an Email Rut? - 20 Alternatives to Pique Employee Interest

Ding. Ding. Ding. Email. Email. Email… For many compliance professionals, communication takes place only one way – via email. It’s estimated that the average employee receives 121 emails per day. While email can be a valuable way to communicate en masse about compliance policies and requirements, it’s not always the best way to communicate. What else can you do?

There are a variety of great ways to communicate to the whole employee population. Not only can some of these channels be more effective than email, but by varying the way you communicate, you’re more likely to engage your employees and pique their curiosity. If you’re in an email rut, how can you communicate more effectively? Here’s a checklist of 20 communication channels that you can use instead of email. Why not try:

o Videos from compliance

o Videos from the CEO / managers

o Intranet messaging

o Screensaver messages

o Via e-learning platform

o Live meetings

o Live training

o Whitepapers

o Podcasts…

There’s a disruption in the force…

Nearly every start-up in Silicon Valley wants to be known as a “Disruptor.” Disruptors challenge the status quo, revolutionizing markets and taking down once-monolithic companies that have dominated the market for years. Think Uber to the taxi companies, or Amazon to bookstores.

Disruption doesn’t just occur outside companies; it can occur inside them as well. When disruption hits, the “way we’ve always done things” can be shaken. Times like these may seem chaotic, but they can also be taken advantage of by savvy compliance officers to bring in a new order. What are some common disruptors?

1. New management

When a new CEO comes in, or a new key manager is appointed, it’s time to move the goal posts. The new CEO will come in without knowledge of “how things are done here.” He or she may even have a mandate to change how things are done. Present your vision of how you think the compliance department or program should be run, not the way it’s always been run.

2. Company restructuring
