Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Printer Friendly Version
With the General Data Protection Regulation (GDPR) coming into force on 25 May 2018, the legal industry is already mobilising. A robust compliance programme is now vital – especially given the scale of fines involved.
Although the parameters of the GDPR are known, one key issue still concerns industry leaders – namely, how to encourage wider corporate engagement with compliance.
Typically, data protection is seen as the sole concern of the legal team, with little to no buy-in from C-suite executives or the wider business.
We spoke with senior counsel around the country to provide you with the insights and guidance you need to navigate the run-up to this May’s regime change.
The first step is understanding the identity of your company and its culture. As a lawyer, aligning your advice and initiating a strategy that fits with your company’s values and vision is a must – there is no one size fits all approach.
For Andrew Magowan, general counsel of ASOS, setting up a compliance department was a non-starter; he knew no one would utilise it. Instead, he subtly worked compliance into corporate sensibility under the umbrella of social responsibility.
GE, meanwhile, created a Manga-style compliance comic book for its offices in Japan, which was popular with its employees. By taking cultural differences into account, GE was able to choose an effective method for delivering the compliance message.
Developing an awareness of the particular threats and challenges that your company may face following the implementation of the GDPR is also vital; forewarned is forearmed.
Getting executives on board with compliance is crucial; the barriers and obstacles put in place by the C-suite can make even the best, well-reasoned compliance programme difficult to deliver.
Board members need to be convinced of the consequences of disregarding, or not supporting, a compliance programme. ‘Don’t go to them with a problem’, as one senior counsel stressed. ‘Go armed with solutions and options.’
This advice was echoed by a GC who observed: ‘The board get fed up of being told about fines and sanctions. Use your sales and communication skills to draw out the positives and incentivise them.’
But preparation comes before persuasion. Providing board members with relevant information to look at in advance can help reduce the time it takes to communicate your message. Furthermore, tailor your message to suit your audience. Do your homework beforehand
and adapt your style of communication to the individuals in question.
However, if direct communication does not prove effective, consider bringing in an external, objective adviser; executives often have a great deal of respect for the word of an ‘expert’.
GCs and in-house lawyers also must find a way to bring the compliance message to the company as a whole. While setting the tone from top down is essential, some of the most successful programmes start from the bottom up.
Compliance is, understandably, perceived to be a dry topic, but there are workarounds. Apps, for example, can be effective learning tools, as the information can be absorbed in manageable, bite-sized chunks. Reckitt Benckiser General Counsel for Group
Legal Affairs, Claire Debney, pointed out that Reckitt Benckiser uses an app that employs a ‘Can I, can’t I?’ style, which is an easily adaptable model.
Entertainment and games are another option. Vodafone, for example, has created a ‘snakes and ladders’ compliance game and T-Systems (a subsidiary of Deutsche Telekom) uses YouTube videos to train and engage its employees in compliance.
Ultimately, tailoring the compliance message to your company’s identity, as well as to the individuals within it, is the best advice for helping to move your company towards a genuinely compliant culture in the run-up to the GDPR. But you will
need to roll your sleeves up – it is not enough to simply deliver the message from on high. You need to get involved, give advice and, importantly, pick your battles carefully.
But there is still time. The changes don’t come into effect until May 2018 and, as Claire Debney points out, you need to ‘be patient – it’s a marathon, not a sprint. Work with and capitalise on the strengths in the business.
Find your champions’.
We’re here to help provide you with the support you need in the coming months.
Our GDPR Planner expands on the suggested set of actions for each of the 12 areas issued by the Information Commissioner’s Office (ICO).
Rather than presenting them by subject matter, it does so chronologically, breaking down the necessary actions over four periods of time – saving you time by providing a comprehensive project plan to work from:
(4) embed / test / review
This is one of many practical tools to help you manage your compliance obligations faster and more effectively within our LexisPSL Risk & Compliance module - created specifically to support in-house lawyers identify and manage
risk in their organisations.
With email news alerts, monthly highlights and forecasts; practice notes explaining the "what and the why" in key areas of risk such as crisis management, anti-money laundering, anti-bribery & corruption; and an unmatched suite of precedents to
help you put effective systems and process in place - fast. Request a free, no-obligation trial.
0330 161 1234