What is the Three Customer Insights Panel?
In business, nothing beats experience. What runs a close second is practical advice from your peers who have already addressed the challenges your organisation is now facing. That's why we've put together the Three Customer Insights Panel.
On a regular basis, we will pose the question of the moment to small-medium business owners and managers. We want to see what insights and advice they can offer, to help make your own path to growth a little bit smoother and perhaps even a little bit shorter.
Learn from Experience
Topic: GDPR - challenge or opportunity?
The new GDPR regulations have not been without their challenges, but they have also revealed unexpected opportunities for many businesses. How have other SMEs addressed the GDPR process and what impact have these changes made across their business?

We asked the Three Customer Insights Panel:
Security // 100 employees
Change is a process, not an event.

Paul Ennis
Managing Director, Keyguard Securities
My advice to other similar companies is to embrace the change rather than resist or fear it.
We all fear technology that we don’t understand so therefore it is important to conduct extensive research; educate yourself and your staff; be patient throughout; encourage new ideas to help with the process; and clearly communicate the vision that you have for the technology you want to use.
Keep that vision at the forefront of everyone’s mind, especially when times get tough during change. Remember that change is a process, not an event.
My advice to other similar companies is to embrace the change rather than resist or fear it.
We all fear technology that we don’t understand so therefore it is important to conduct extensive research; educate yourself and your staff; be patient throughout; encourage new ideas to help with the process; and clearly communicate the vision that you have for the technology you want to use.
Keep that vision at the forefront of everyone’s mind, especially when times get tough during change. Remember that change is a process, not an event.
Technology // 40 employees
The players will identify the need for change.

Peter Fox
Director, Digicom
It's very important to bring the key stakeholders along with the process. Bring together a task team – senior management, middle management, some from the 'factory floor' – even an effected client.
The key objective is to keep those most effected well-informed, then the players themselves will identify the need for change. The next difficulty is the day-to-day business distractions which may prevent us from completing the change. Yet even as we complete our changes we realise there is no end. We should make change management processing part of our weekly tasks within our business.
It's very important to bring the key stakeholders along with the process. Bring together a task team – senior management, middle management, some from the 'factory floor' – even an effected client.
The key objective is to keep those most effected well-informed, then the players themselves will identify the need for change. The next difficulty is the day-to-day business distractions which may prevent us from completing the change. Yet even as we complete our changes we realise there is no end. We should make change management processing part of our weekly tasks within our business.
EPOS Systems // 20 employees
Know what evolving customer expectations or requirements are.

Dave Byrne
Managing Director, Dualtron
Education Tech // 15 employees
Create a vision of where you want to get to.

Gary Hoey
Education Solution Specialist, Wriggle
Marketing/PR // 1 employee
Find providers who understand your business.

Conor McCabe
Owner, Conor McCabe Photography
Construction // 35 employees
Take small steps.

Barry Benson
Managing Director, Dyno-Rod
Automation // 75 employees
Don't be afraid of change and new technologies.

Alan McElligott
Head of IT, Electro Automation Ltd
Manufacturing // 12 employees
Outline the reasons for changes and the future benefits.

Robert O'Rourke
Owner and MD, Privatmark
Recruitment/HR // 55 employees
Setting up a Culture Committee to enhance employee experience

Jane Neilan
Director, Eden Recruitment
Distribution // 22 employees
Empowering staff to strive for continuous improvement

PJ Cotterell
General Manager, Tooling & Engineering Distribution Ltd.
EPOS Systems // 20 employees
Developing our own automated patient ordering solution

Dave Byrne
Managing Director, Dualtron
Automation // 75 employees
Adopting cloud technology aligned to business demand and needs

Alan McElligott
Head of IT, Electro Automation Ltd
Marketing/PR // 1 employee
Investing in tech to enhance quality in a demanding environment

Conor McCabe
Owner, Conor McCabe Photography
Construction // 49 employees
Tapping into the knowledge of our staff gave invaluable feedback

Barry Benson
Managing Director, Dyno-Rod
Education Tech // 15 employees
Recruiting existing customers to join our team

Gary Hoey
Education Solution Specialist, Wriggle Learning
Health // 13 employees
Building trust with our customers through a clear and concise GDPR policy

Catriona Lysaght
Speech and Language Therapy Manager
Here at the Speech Centre we are privvy to some of our clients' most intimate details, about their health, their family, their genetics, and so on. We make sure we get written consent from every client and keep this on file. We destroy all personal data after four years. We have a clear privacy policy available in hard copy in all our offices and on our website too. We keep paper files under lock and key and we keep electronic files protected.
Our clients really appreciate us being up front and honest about how, where and why we hold their data, and in turn they can be up front and honest with us about their health details, knowing that they will be kept private.
This proactive approach to data protection enables us to be proactive in the care we provide to our clients.
Here at the Speech Centre we are privvy to some of our clients' most intimate details, about their health, their family, their genetics, and so on. We make sure we get written consent from every client and keep this on file. We destroy all personal data after four years. We have a clear privacy policy available in hard copy in all our offices and on our website too. We keep paper files under lock and key and we keep electronic files protected.
Our clients really appreciate us being up front and honest about how, where and why we hold their data, and in turn they can be up front and honest with us about their health details, knowing that they will be kept private.
This proactive approach to data protection enables us to be proactive in the care we provide to our clients.
This is a great proactive approach, which is similar to our own at Three. We also have a detailed data retention policy, which ensures that all data is deleted automatically once we no longer need it. This means that we deliver the Right to be Forgotten to customers without them having to take any action.
Fergal Crehan
Data Protection Officer
Three Ireland

Security // 100 employees
GDPR training and awareness across our entire business

Paul Ennis
Managing Director, Keyguard Security
Key Guard Security has taken the following measures to prepare for GDPR.
1. Appointment of GDPR Manager. The role has been absorbed into the role of our HR Manager, but there is a clear identification of a responsible person. The role includes: ownership of our GDPR policy, staff training on data protection, record keeping and dealing with GDPR queries.
2. GDPR training for our GDPR Manager. This included a comprehensive guide to GDPR and the steps required to remain compliant.
3. Creation of a GDPR Policy. This policy is available to all clients, suppliers and staff and outlines how we manage our records and data and the reasons why.
4. GDPR training for all staff via electronic document. The entire workforce was required to review the policy and understand the impact of GDPR to their roles.
5. Finally, we sent a copy of our policy to all customers, suppliers and staff. This policy will be updated regularly and shared where applicable.
Key Guard Security has taken the following measures to prepare for GDPR.
1. Appointment of GDPR Manager. The role has been absorbed into the role of our HR Manager, but there is a clear identification of a responsible person. The role includes: ownership of our GDPR policy, staff training on data protection, record keeping and dealing with GDPR queries.
2. GDPR training for our GDPR Manager. This included a comprehensive guide to GDPR and the steps required to remain compliant.
3. Creation of a GDPR Policy. This policy is available to all clients, suppliers and staff and outlines how we manage our records and data and the reasons why.
4. GDPR training for all staff via electronic document. The entire workforce was required to review the policy and understand the impact of GDPR to their roles.
5. Finally, we sent a copy of our policy to all customers, suppliers and staff. This policy will be updated regularly and shared where applicable.
It is an excellent idea to make GDPR a dedicated responsibility or role. Due to our scale and the amount of information we process at Three, we have a dedicated Data Protection team, comprising of our Data Protection Officer, a Privacy Council and a Regulatory Affairs Executive. We also have an Information Security team to ensure we comply with our duty to keep data safe and secure.
Fergal Crehan
Data Protection Officer
Three Ireland

Construction // 35 employees
Updating policies and reinforcing our commitment to GDPR compliance

Barry Benson
Managing Director, Dyno-Rod
GDPR has indeed proven to be a great opportunity for the companies that embraced the change it invokes. At Three, we updated our Privacy Policies and other relevant documents to comply with our duty to process personal data in a transparent manner. Our Privacy Statement for customers is available here.
Fergal Crehan
Data Protection Officer
Three Ireland

EPOS Systems // 20 employees
Preparing well in advance for GDPR was our top priority

Dave Byrne
Managing Director, Dualtron
Senior managers attended various events run by the SFA and IBEC over the past year to find out what would be required of companies to be complaint with GDPR. New policies were developed around this and we resourced a team to analyse all GDPR requirements and manage these changes over the last year. This involved training and coaching all colleagues on what they needed to do to be GDPR compliant and stay compliant.
The Employee Handbook was updated reflecting the new requirements. We cleansed our marketing database and sought explicit opt-in from customers. We updated our privacy policy. We proposed new data privacy agreements with our customers. We added specific sections to our general meetings to communicate these new GDPR requirements to all staff, so that everyone was comfortable with the new requirements.
Senior managers attended various events run by the SFA and IBEC over the past year to find out what would be required of companies to be complaint with GDPR. New policies were developed around this and we resourced a team to analyse all GDPR requirements and manage these changes over the last year. This involved training and coaching all colleagues on what they needed to do to be GDPR compliant and stay compliant.
The Employee Handbook was updated reflecting the new requirements. We cleansed our marketing database and sought explicit opt-in from customers. We updated our privacy policy. We proposed new data privacy agreements with our customers. We added specific sections to our general meetings to communicate these new GDPR requirements to all staff, so that everyone was comfortable with the new requirements.
Availing of the help offered by associations is always a brilliant way for SMEs to overcome the resource challenges that come with change, and GDPR is no different. Having a team of staff attend events, research policies and then coach the rest of the workforce will create a strong Data Protection culture. Three already had a strong culture of Data Protection compliance at the outset, so that gave us a great head start in our GDPR readiness. However, our Data Protection team has continued to keep up to date with all the latest developments in Data Protection practice, and to communicates to the company through regular training.
Fergal Crehan
Data Protection Officer
Three Ireland
