Learn from Experience

Topic: GDPR - challenge or opportunity?

The new GDPR regulations have not been without their challenges, but they have also revealed unexpected opportunities for many businesses. How have other SMEs addressed the GDPR process and what impact have these changes made across their business?

We asked the Three Customer Insights Panel:

Now that GDPR is in effect, what measures have you put in place to stay compliant?
Now that GDPR is in effect, what measures have you put in place to stay compliant? What was your best business decision of 2017 and why? What advice would you offer to help other businesses manage digital change?

Security // 100 employees

Change is a process, not an event.
Paul Ennis

Managing Director, Keyguard Securities

Change is a process, not an event.
  
Paul Ennis - Managing Director, Keyguard Securities
Paul Ennis

Managing Director, Keyguard Securities

Security

100 employees

Managing Director, Keyguard Securities

My advice to other similar companies is to embrace the change rather than resist or fear it.

We all fear technology that we don’t understand so therefore it is important to conduct extensive research; educate yourself and your staff; be patient throughout; encourage new ideas to help with the process; and clearly communicate the vision that you have for the technology you want to use.

Keep that vision at the forefront of everyone’s mind, especially when times get tough during change. Remember that change is a process, not an event.

Technology // 40 employees

The players will identify the need for change.
Peter Fox

Director, Digicom

The players will identify the need for change.
  
Peter Fox - Director, Digicom
Peter Fox

Director, Digicom

Technology

40 employees

Director, Digicom

It's very important to bring the key stakeholders along with the process. Bring together a task team – senior management, middle management, some from the 'factory floor' – even an effected client.

The key objective is to keep those most effected well-informed, then the players themselves will identify the need for change. The next difficulty is the day-to-day business distractions which may prevent us from completing the change. Yet even as we complete our changes we realise there is no end. We should make change management processing part of our weekly tasks within our business.

EPOS Systems // 20 employees

Know what evolving customer expectations or requirements are.
Dave Byrne

Managing Director, Dualtron

Know what evolving customer expectations or requirements are.
  
Dave Byrne - Managing Director, Dualtron
Dave Byrne

Managing Director, Dualtron

EPOS Systems

20 employees

Managing Director, Dualtron
We believe the most important advice for managing change in a digital world is to stay in tune with new developments in customer expectations and new technologies being introduced. If these two areas are correctly addressed then much better outcomes can be expected. Without knowing what evolving customer expectations or requirements are, we cannot know where to change our systems or processes. Without being aware of emerging technologies we may miss real opportunities to leverage new tools or systems for managing change in the digital world. It's vital to be constantly monitoring these two areas to be change ready.

Education Tech // 15 employees

Create a vision of where you want to get to.
Wriggle Logo
Gary Hoey

Education Solution Specialist, Wriggle

Create a vision of where you want to get to.
  
Gary Hoey - Education Solution Specialist, Wriggle
Gary Hoey

Education Solution Specialist, Wriggle

Education Tech

15 employees

Education Solution Specialist, Wriggle
From our experience both of digitally transforming our own business and of helping to digitally transform our customers (schools), our advice is to start by creating a vision of where you want to get to. From there, build a clearly defined strategy on how you will get there and include every individual who will play even the smallest role. When we work with post-primary schools to develop their strategies for using technology for teaching and learning, we know that the strategy must take all stakeholders into account. This prevents unforeseen obstacles and ensures each step in the journey is supported, so the vision can be reached.

Marketing/PR // 1 employee

Find providers who understand your business.
Conor McCabe

Owner, Conor McCabe Photography

Find providers who understand your business.
  
Conor McCabe - Owner, Conor McCabe Photography
Conor McCabe

Owner, Conor McCabe Photography

Marketing/PR

1 employee

Owner, Conor McCabe Photography
My advice is to act early and act fast. I've witnessed technology completely transform my line of business over the last 16 years. Being an early adopter of new technologies and digital trends has given me competitive advantage. For example, I was one of the first to offer real-time event photography in Ireland - where a photo of someone accepting an award has gained traction on Twitter before they've made it back to their seat. I also would suggest (and rely on myself) using cloud-based applications for invoicing and file sharing. This helps keep operations efficient and cost-effective. Bottom line, find providers who understand your business and will help you achieve your competitive advantage.

Construction // 35 employees

Take small steps.
Barry Benson

Managing Director, Dyno-Rod

Take small steps.
  
Barry Benson - Managing Director, Dyno-Rod
Barry Benson

Managing Director, Dyno-Rod

Construction

35 employees

Managing Director, Dyno-Rod
Firstly, sell change to your staff as something of benefit not only to the company but also to them. Pinpoint advantages the changes will make for your staff. Having staff on board from the very start with any change – technology or otherwise – makes it easier. Secondly, take small steps. In my experience you get one chance when introducing new technology or change and if it hasn't been tested, foolproofed or thought through you could find yourself with the tough task of convincing deflated staff that changes you are trying to make, or technologies you are trying to introduce, are correct

Automation // 75 employees

Don't be afraid of change and new technologies.
Alan McElligott

Head of IT, Electro Automation Ltd

Don't be afraid of change and new technologies.
  
Alan McElligott - Head of IT, Electro Automation Ltd
Alan McElligott

Head of IT, Electro Automation Ltd

Automation

75 employees

Head of IT, Electro Automation Ltd
It is important not to be afraid of change and not to be afraid of new technologies. A shift from wired communications to newer wireless and IP based systems is inevitable. Although care is needed when transitioning from old methods and legacy systems, particularly in relation to managing expectations, the results can greatly reduce risks and costs as well as create business continuity processes where none existed before.

Manufacturing // 12 employees

Outline the reasons for changes and the future benefits.
Robert O'Rourke

Owner and MD, Privatmark

Outline the reasons for changes and the future benefits.
  
Robert O'Rourke - Owner and MD, Privatmark
Robert O'Rourke

Owner and MD, Privatmark

Manufacturing

12 employees

Owner and MD, Privatmark
It’s all about communication. Change is inevitable but many people find it difficult. Usually this is because they don’t understand the necessity. It’s important as you plan to make changes in your organisation that you clearly outline the reasons why you are making the changes and, most importantly, the future benefits. It’s much easier to implement change when people are brought along on the journey, rather than blindly landing them in an unknown outcome.

Recruitment/HR // 55 employees

Setting up a Culture Committee to enhance employee experience
Jane Neilan, Eden Recruitment
Jane Neilan

Director, Eden Recruitment

Setting up a Culture Committee to enhance employee experience
  
Jane Neilan - Director, Eden Recruitment
Jane Neilan

Director, Eden Recruitment

Recruitment/HR

55 employees

Director, Eden Recruitment
Our best business decision in 2017 was to set up Culture Committee - an initiative to help drive a positive employee experience across the company.

Distribution // 22 employees

Empowering staff to strive for continuous improvement
PJ Cotterell
PJ Cotterell

General Manager, Tooling & Engineering Distribution Ltd.

Empowering staff to strive for continuous improvement
  
PJ Cotterell - General Manager, Tooling & Engineering Distribution Ltd.
PJ Cotterell

General Manager, Tooling & Engineering Distribution Ltd.

Distribution

22 employees

General Manager, Tooling & Engineering Distribution Ltd.
Our best business decision of 2017 was to promote the idea of continuous improvement to all staff. I am a firm believer that just because you have done a job a certain way for a long time, doesn’t mean it is best practice or that it can’t be improved upon. We have challenged all staff to review their areas of responsibility and empowered them to come up with innovative ways to improve efficiency within the business. The results have been astounding with some ground-breaking ideas being brought to the table and implemented where possible. In doing so, we have saved valuable time and are ultimately able to offer a better service to our customers. It’s our mission in 2018 to work smarter, not harder!

EPOS Systems // 20 employees

Developing our own automated patient ordering solution
Dave Byrne - Dualtron
Dave Byrne

Managing Director, Dualtron

Developing our own automated patient ordering solution
  
Dave Byrne - Managing Director, Dualtron
Dave Byrne

Managing Director, Dualtron

EPOS Systems

20 employees

Managing Director, Dualtron
Having looked at the off-the-shelf solutions available for automating hospital patient catering orders, we decided to develop a solution ourselves especially for the Irish market. We engaged a partner to help us produce it and we're delighted with the outcome - Serval Ward Ordering. It allows patients' food choices to be input and managed via tablets in real-time instead of on paper, improving the patient experience in many ways, as well as improving operational efficiency.

Automation // 75 employees

Adopting cloud technology aligned to business demand and needs
Alan McElligott - Electro Automation Ltd.
Alan McElligott

Head of IT, Electro Automation Ltd

Adopting cloud technology aligned to business demand and needs
  
Alan McElligott - Head of IT, Electro Automation Ltd
Alan McElligott

Head of IT, Electro Automation Ltd

Automation

75 employees

Head of IT, Electro Automation Ltd
The best business decision we made in 2017 was to not run before we could walk in relation to adopting cloud technology. We adopted it where it was required, cost-effective and proved most efficient. We kept control of the on-demand costs that come with such services. Doing so enabled us to mitigate our risks, apply a phased approach and manage the payment process without the overhead of heavy contracts and redundant licencing.

Marketing/PR // 1 employee

Investing in tech to enhance quality in a demanding environment
Conor McCabe
Conor McCabe

Owner, Conor McCabe Photography

Investing in tech to enhance quality in a demanding environment
  
Conor McCabe - Owner, Conor McCabe Photography
Conor McCabe

Owner, Conor McCabe Photography

Marketing/PR

1 employee

Owner, Conor McCabe Photography
Looking back on 2017, the decision to invest in new technology was one of the most important factors for the continued growth of my business. Investing in new equipment keeps me up to speed with the latest technology features and allows me to deliver a high quality service in a very demanding environment. With the increase in mobile photography and the quality it delivers when taken in excellent lighting conditions, it’s important as a professional photographer to use the most up-to-date equipment and complement this with a perfectly composed image.

Construction // 49 employees

Tapping into the knowledge of our staff gave invaluable feedback
Barry Benson - Dyno-Rod
Barry Benson

Managing Director, Dyno-Rod

Tapping into the knowledge of our staff gave invaluable feedback
  
Barry Benson - Managing Director, Dyno-Rod
Barry Benson

Managing Director, Dyno-Rod

Construction

49 employees

Managing Director, Dyno-Rod
Our best business decision in 2017 was to engage more with our staff. We have Service Engineers who have been with the company for over 30 years and we rarely tap into the knowledge that they have amassed over that time. In 2017 we conducted a survey with all of our staff, to learn about their perception of our business, what they feel our customers' perceptions are, how they feel we could grow the business and what they would change about the service we deliver. The feedback was great and it gave me an understanding of what areas we need to improve on as well as what areas our staff feel we are very strong on. Over the years, we have tried every form of market research and none has compared to the feedback our own staff gave us. This goes to show how important it is to engage with your staff on a regular basis as well as welcome their feedback.

Education Tech // 15 employees

Recruiting existing customers to join our team
Gary Hoey - Wriggle Learning
Gary Hoey

Education Solution Specialist, Wriggle Learning

Recruiting existing customers to join our team
  
Gary Hoey - Education Solution Specialist, Wriggle Learning
Gary Hoey

Education Solution Specialist, Wriggle Learning

Education Tech

15 employees

Education Solution Specialist, Wriggle Learning
Last year, continued growth in demand for our services left us in the fortunate position of being able to expand our team. We looked outside of what has been the traditional fit of staff and spoke to potential new staff who weren’t experienced in the role, but who were customers themselves. We hired two teachers who have first-hand knowledge of the needs and challenges of our customers. This has been our best business decision of 2017. Our customers are now dealing with staff who are just like them and who are best suited to align them to solutions within our product and service range.

Health // 13 employees

Building trust with our customers through a clear and concise GDPR policy
catriona-lysaght
Catriona Lysaght

Speech and Language Therapy Manager

Building trust with our customers through a clear and concise GDPR policy
  
Catriona Lysaght - Speech and Language Therapy Manager
Catriona Lysaght

Speech and Language Therapy Manager

Health

13 employees

Speech and Language Therapy Manager

Here at the Speech Centre we are privvy to some of our clients' most intimate details, about their health, their family, their genetics, and so on. We make sure we get written consent from every client and keep this on file. We destroy all personal data after four years. We have a clear privacy policy available in hard copy in all our offices and on our website too. We keep paper files under lock and key and we keep electronic files protected.

Our clients really appreciate us being up front and honest about how, where and why we hold their data, and in turn they can be up front and honest with us about their health details, knowing that they will be kept private.

This proactive approach to data protection enables us to be proactive in the care we provide to our clients.

This is a great proactive approach, which is similar to our own at Three. We also have a detailed data retention policy, which ensures that all data is deleted automatically once we no longer need it. This means that we deliver the Right to be Forgotten to customers without them having to take any action.

Fergal Crehan
Data Protection Officer
Three Ireland

Security // 100 employees

GDPR training and awareness across our entire business
Keyguard-Security-headshot
Paul Ennis

Managing Director, Keyguard Security

GDPR training and awareness across our entire business
  
Paul Ennis - Managing Director, Keyguard Security
Paul Ennis

Managing Director, Keyguard Security

Security

100 employees

Managing Director, Keyguard Security

Key Guard Security has taken the following measures to prepare for GDPR.

1. Appointment of GDPR Manager. The role has been absorbed into the role of our HR Manager, but there is a clear identification of a responsible person. The role includes: ownership of our GDPR policy, staff training on data protection, record keeping and dealing with GDPR queries.


2. GDPR training for our GDPR Manager. This included a comprehensive guide to GDPR and the steps required to remain compliant.


3. Creation of a GDPR Policy. This policy is available to all clients, suppliers and staff and outlines how we manage our records and data and the reasons why.


4. GDPR training for all staff via electronic document. The entire workforce was required to review the policy and understand the impact of GDPR to their roles.


5. Finally, we sent a copy of our policy to all customers, suppliers and staff. This policy will be updated regularly and shared where applicable.

It is an excellent idea to make GDPR a dedicated responsibility or role. Due to our scale and the amount of information we process at Three, we have a dedicated Data Protection team, comprising of our Data Protection Officer, a Privacy Council and a Regulatory Affairs Executive. We also have an Information Security team to ensure we comply with our duty to keep data safe and secure.

Fergal Crehan
Data Protection Officer
Three Ireland

Construction // 35 employees

Updating policies and reinforcing our commitment to GDPR compliance
dyno-rod-headshot
Barry Benson

Managing Director, Dyno-Rod

Updating policies and reinforcing our commitment to GDPR compliance
  
Barry Benson - Managing Director, Dyno-Rod
Barry Benson

Managing Director, Dyno-Rod

Construction

35 employees

Managing Director, Dyno-Rod
Now that GDPR has come into effect we have been extremely busy updating our policies such as our Data Retention policy. While some companies have found GDPR to be a disruption, Dyno Rod has embraced it as an opportunity to engage with our staff and ensure that they are aware of Dyno Rod's commitment to be fully GDPR compliant.
GDPR has indeed proven to be a great opportunity for the companies that embraced the change it invokes. At Three, we updated our Privacy Policies and other relevant documents to comply with our duty to process personal data in a transparent manner. Our Privacy Statement for customers is available here.

Fergal Crehan
Data Protection Officer
Three Ireland

EPOS Systems // 20 employees

Preparing well in advance for GDPR was our top priority
dualtron-headshot
Dave Byrne

Managing Director, Dualtron

Preparing well in advance for GDPR was our top priority
  
Dave Byrne - Managing Director, Dualtron
Dave Byrne

Managing Director, Dualtron

EPOS Systems

20 employees

Managing Director, Dualtron

Senior managers attended various events run by the SFA and IBEC over the past year to find out what would be required of companies to be complaint with GDPR. New policies were developed around this and we resourced a team to analyse all GDPR requirements and manage these changes over the last year. This involved training and coaching all colleagues on what they needed to do to be GDPR compliant and stay compliant.

The Employee Handbook was updated reflecting the new requirements. We cleansed our marketing database and sought explicit opt-in from customers. We updated our privacy policy. We proposed new data privacy agreements with our customers. We added specific sections to our general meetings to communicate these new GDPR requirements to all staff, so that everyone was comfortable with the new requirements.

Availing of the help offered by associations is always a brilliant way for SMEs to overcome the resource challenges that come with change, and GDPR is no different. Having a team of staff attend events, research policies and then coach the rest of the workforce will create a strong Data Protection culture. Three already had a strong culture of Data Protection compliance at the outset, so that gave us a great head start in our GDPR readiness. However, our Data Protection team has continued to keep up to date with all the latest developments in Data Protection practice, and to communicates to the company through regular training.

Fergal Crehan
Data Protection Officer
Three Ireland