Freeze – GDPR is coming! (October 2017)

I am a big fan of change – one of my favourite change models is Kurt Lewin’s three-stage model:

Unfreeze

Change

Refreeze

Lewin theorised that people become embedded in a behavioural pattern, and that to get them to change, you have to first break that pattern (unfreeze), get them to adopt the desired behavioural pattern (change) and then embed that behaviour so that it is maintained (refreeze).

I think all of the recent news and coverage of virus outbreaks, phishing attacks on the NHS, cyber-crime, hacking, malware and GDPR is creating an unfrozen state. People are being sensitised to the risks to their data, and the frequent big data breaches are making poor corporate management of personal data increasingly socially unacceptable. Look at the £1.2bn fall in the value of Equifax following their data breach.

In terms of corporate culture, this creates an opportunity for Information Governance Managers to engage with their colleagues to seek to embed new behaviours before people become de-sensitised and the opportunity is lost.

Creating a controlled corporate environment, in which there is an abuse of autonomy, means that people will create new collections, purposes and processes without management control.

The Flowz Information Asset Management software can be a focal point for organisations to identify all Information assets, assess risk and create new processes, but this will require senior management support as will any similar initiative.

My favourite change model is a corruption of Richard Beckhard’s change equation:

‘People will only change when the pain of staying the same exceeds the pain of changing.’

In my opinion, short-term pain now will pay long-term dividends later, in regaining management control of personal data.

A bit like stuffing a genie back into a bottle …