Top 5 Non-GDPR Compliance Issues Facing Chief Compliance Officers


We’re halfway through 2018, and let’s face it … if you are like most CCOs, you spent that first half of 2018 battening down the hatches for the launch of GDPR. But, again, like most CCOs, your efforts and attention paid off. You were ready to deal with privacy and data issues to be GDPR compliant once May 25th came and went.

There was a lot of cost in these measures – for some, it meant new systems that offered a higher level of compliance and conformity to new standards. For others, it meant more headcount in hiring Chief Security Officers or new compliance professionals in the EU when, previously, compliance programs were managed from the US or elsewhere outside the EU.

But there was one other cost that should not be ignored: lost opportunity cost. Every year, CCOs and senior executives focus on their top initiatives for the year. Since GDPR consumed nearly half the year, we wanted to drop the traditional Top 10 list to a Top 5 that’s manageable for the balance of 2018:

Issue #1 – Analytics-driven training

At ETHIX360, we do annual reviews with each client, and an essential part of this process is to summarize all issues raised in the prior year by allegation and sub-allegation. We look for two things primarily when we do this – are the top allegation/sub-allegation combinations relatively preventable?

For example, in the case of a recent client meeting, we could present their data to them differently than they had viewed it in the past. It was quickly apparent to them that 1/3 of all compliance issues raised were related to sexual harassment, specifically a hostile work environment. Since those issues are typically under management’s control, they will be addressing them by training their managers and supervisors to be more aware of what constitutes a hostile work environment and how to prevent it.

Issue #2 – Increased employee access  

One of the opportunities often uncovered is system usage by millennials – or rather, the lack of it. In organizations with declining usage, we have found that the most significant driver has been cultural; millennials don’t like to call or even use websites to report. Instead, they tend to prefer apps or, for most, texting. Expanding access to reporting tools, including apps and texting, will positively engage this millennial community.

Issue #3 – Global collaboration

More and more companies have a global footprint, whether through their employees and locations or through their supply chain partners. So even by expanding the use of your system to support multiple languages, you can make great strides. But it should not stop there! Multi-language support should be part of the back end of your system as well – case management. The application can then support your global footprint and usage.

Issue #4 – Third-party exit interviews

Although most companies have an exit interview process, these processes are conducted mainly by internal staff, likely HR. Studies have consistently shown that in exit interviews conducted internally, the departing employees tend not to reveal their true reason for leaving for fear of a bad reference in the future and instead “take the high road.” 

They choose not to say they had been threatened by a co-worker and feared workplace violence or that their supervisor had made unwanted advances. Consistently, 3rd-party exit interviews, which allow the employee to remain anonymous, reveal up to 20% more issues. More critically, they reveal issues that caused people to leave the company and inflate turnover and associated costs.

Issue #5 – Marketing your program

Often at the initial launch of a hotline, it is broadly publicized throughout an organization. You might have printed posters, sent emails, or even had leadership broadcast messages about it. But what about the ongoing marketing of the program? Since that launch, have you continued to market the program? 

Employees need to be reminded. A 3rd-party hotline program should have positive benefits for your organization and demonstrate to your employees that you want to make your company operate responsibly, ethically, and transparently.

You Got This!

Managing an ethics and compliance program is challenging enough without the extra stress and resource drain that GDPR has brought to the equation. With limited time and limited resources, it is clear that the task at hand for compliance officers is not an easy one. Luckily it can be done! 

Focus on what’s most important. Focus on the top five compliance program elements that will impact your organization's culture most while mitigating risk. Using your data to make educated decisions is easier than you think. Leveraging your compliance data, analytics, and benchmarking will help you make good choices for your compliance program. You won’t waste your precious resources training and creating policy awareness campaigns on departments that are low risk or not experiencing any issues. By knowing what to focus on, you’ll get the most bang for your buck, allowing you to stretch those compliance resources a little further.

 



MEET THE AUTHOR

J Rollins is the co-founder and CEO of ETHIX360. J is a well-known leader and innovator who has served on senior leadership teams ranging in responsibility from Chief Revenue Officer, Chief Marketing Officer, SVP of Product Strategy and Chief Operating Officer.


ABOUT ETHIX360

At ETHIX360, our goal is simple: to provide an affordable, flexible, and comprehensive answer to employee communication, policy management, corporate training and case management on issues related to corporate ethics, code of conduct, fraud, bribery, and workplace violence.
