For everyone struggling with implementation of the new European General Data Protection Regulation (GDPR), Patrick O’Kane has written a fabulous new book called GDPR – Fix it Fast: Apply GDPR to Your Company in Ten Simple Steps.  I wrote the Foreword for the book, and am so proud to be involved.  The following is a guest post by Patrick O’Kane.  The Kindle edition of the book can be found here on Amazon.  The hard-cover edition will be available Jan. 1.

How to fix your company policies for GDPR – Three things you need to know

Do you ever sit at a desk trying to read a company policy and find that the words are just not going in? Often company policies are written in the most turgid, dull and unintelligible language.  The consequence is that employees never read them, much less remember what they sat.

The European General Data Protection Regulation (GDPR) requires companies to be smarter than that. Under GDPR we must be more accountable and be able to “demonstrate compliance”. Part of being able to show compliance includes having proper staff policies in place to help employees understand their data duties.

1.     The Essential policies – These are the ones you MUST have.

What’s the single best perk you can negotiate for next year?  A 2% raise?  Maybe.  A better 401(k) or pension contribution?  That’s always nice.  But if you really want to crank up your skills for next year, ask for a learning budget. 

What’s a learning budget? 

A learning budget is simply an amount of money set aside by your employer to pay for your skills to be improved.  When I was in private practice, they called it a “book budget,” but it could also be spent on electronic books, magazines, or trade publications that would enhance my ability to do my job effectively.

How much should I ask for?

I’ve seen learning budgets range from $50 - $1500.  The average is about $250.  It may be easier to get budget if you ask for a specific resource(s) – say, $400 to attend four SCCE webinars or $300 to attend the updated Wildly STRATEGIC Compliance Officer Academy online course.  You might also consider asking for services with a monthly cost, like a subscription to the Wall Street Journal, which will be a small monthly fee but will give you great new content every day.

If your learning budget is big enough, you may be able to use it to take you to conferences like the fabulous SCCE European Compliance and Ethics Institute (March in Frankfurt!) or other compliance-related events.   Books, magazines, trade publications, webinars, conferences – the choices are endless.

What should I spend it on?

Want to raise your profile, meet new people in the industry, benchmark you program against what other companies are doing and potentially, find a new job?  One of the best ways to do this is to join a compliance-related organization.  But how do you find one that best suits you your needs and personality?  Let’s look at three types of organizations – large international non-profits, small local organizations, and those run by for-profit companies.  Which one is right or you? 

Large International Non-Profits

Groups the like Society of Corporate Compliance and Ethics (SCCE) and the Ethics and Compliance Initiative (ECI, formerly ECOA) are large international organizations created entirely to promote the compliance and ethics profession. 

Large international non-profits have the benefit of scale.  Everything they do can be done on a large level.  For instance, the annual SCCE conference in the fall typically has around 2,000 attendees.  There are ten different tracks of sessions for different professional needs.

The downside to the large size of the SCCE, ECI and others is that it is easy to feel lost in the group.  Unless you proactively work to make friends or to be involved, it’s common to not feel a part of the organization, and to lose interest in it.

Smaller or Local Not-for-Profit Groups...