When you got out of bed this morning, was your first thought,
"I need to be compliant with data protection legislation today!"
No, it wasn't.
If you were thinking about data protection and privacy at all, it would have been in very different terms.
Yet if you were to pay any attention to the stock narrative around the subject, you would be forgiven for thinking everyone wants to tell you what to do.
"You should be compliant". Or it's close cousin, "what you're doing isn't compliant!".
It's not much fun being told what to do. None of us likes to be told what to do.
Which means that when data protection and privacy interrupts our working day, we don't like it very much. As human beings, we can often put huge effort into not doing what we're told.
And when it comes to observing data protection principles and upholding individuals' rights, that can be bad. When businesses go into a sort of, "corporate huff" and will only begrudgingly do as they are told, the outcomes are often disappointing and a waste of everyone's time.
Do you want to be doing data protection and privacy management because you want to be "compliant"?
Nah. Of course you don't. As an outcome of your working day, it probably doesn't really get your motor running. You want something else.
So why would you want to do this data protection stuff? What would you want to get out of it?
I worked this question through with a few prospective clients and this is what they told me:
Because I want my direct marketing to work better;
Because I want more customers;
I want a better relationship with those customers;
I don't want people to feel they might be vulnerable every time I ask them for their information;
I want to demonstrate to people that I can be trusted with their data;
I want people to share their data with me;
Because if it all goes wrong I want to be able to prove I made an effort - I didn't just sit here;
Because I don't want to be the one they all point at if there is a data incident, or have to read about what lazy journalists or bloggers think has gone wrong;
So that on the day something goes wrong I already know what my next step will be. I don't want to be tring to work that out on my own when I'm under fire!
Because I want to look after my team.
These are examples of what reasonable business people said they wanted as outcomes.
You see, when you mention, "compliance" or "GDPR" or "privacy", the defences go up. Business managers deny themselves the benefits of being able to use data responsibly because they associate it with being told what to do. Usually by someone who doesn't understand how the business works.
The data will always flow. Your job is to be part of that flow. Only then can you find the value in data.
Compliance with law is important, of course it is - but it's not what drives you want to take responsibility for treating personal data with respect. What drives you is the prospect of becoming a positive part of the flow of personal data. The flow that drives your ability to generate customers and attract skills.
Align your data protection and privacy work with what really matters to you - something in which you take a strong personal interest.
Because there's no point in being compliant and then promptly going out of business, is there?