jointposts

Opportunity knocks: Using GDPR to strengthen virtual teams

This is a joint post with Martin Hawksey (cross-posted here).  If you have missed our earlier posts we encourage you to revisit the beginning of the story of how we, as senior staff, lead our organisation to adopt virtual operations.

May

This month we discuss our approach to GDPR, evolving virtual working practices and the importance of explaining the reasons for new procedures as part of implementing them.

Maren: We at the end of a super busy month and part of what’s been keeping us busy is GDPR… (thanks for writing handy blog posts for us to reference here). We’ve worked hard on the contractual, technical & legal aspects, but it’s also been an opportunity to review our relatively new virtual working practices. One issue I have been thinking about is finding the right balance between providing guidance and support whilst ensuring individuals also take appropriate responsibility. For example, we have policies about how to secure laptops or delete temporary files and we regularly review these as a team and share updates on how we are implementing them. Yet even though you can monitor and review processes regularly there is a large element of trust in our virtual working culture. To some extent we have to rely on everyone taking responsibility and making it part of their day to day working habits to follow new procedures. Explaining the reasons why we mandate certain things should help ensure that everyone understands their importance. In the GDPR training we did as a team, talking about how the new legislation relates to our values as an organisation (e.g. how that is reflected in ALT’s Privacy Policy) and why it affects us as staff on an individual basis was a really important moment for me. What’s your view on this?

Martin: GDPR has been a great opportunity to think about how as a team we store and process data. As a data controller one of the things we have implemented is documenting our data processing activities which includes how and where data is stored. Another critical aspect is how data is transferred. For our team this is greatly simplified by predominately being a Chromebook based organisation with centrally managed devices. This means we can mitigate a number of risks through device security policies and the build-in security features of Chrome OS. Another key aspect is we have a ‘home working’ rather than ‘remote working’ policy. This removes risks associated with regularly using open wifi networks in places like coffee shops, but does however leave open two questions: how do we ensure the security of home networks; and given a number of our team also travel maintaining security on the road. The process of preparing for GDPR has highlighted that there is more we can do to secure data transfer, the solution being investigating VPN options. Besides the technical solutions it’s also been useful to reflect on how the team is responding to personal responsibilities mentioned. In the case of GDPR it’s been great to see our team respond to the training we’ve provided and being proactive in both highlighting areas where our procedures can be improved and also suggesting or making the changes required themselves. Not being co-located removes some of the opportunities to get an idea of how someone is doing, for example, body language is largely filtered out in Google Hangouts. It was only when I reflected on this that I realised I’ve started relying on other indicators.  Has our work around GDPR highlighted anything like this for you?

Maren: You make an interesting point about tangible and less tangible indicators and how they can help inform our approach to supporting and leading the team. As you say, GDPR has created a lot of crossover between policies that apply to our organisation as a whole, publicly, like the privacy policy, as well as the workflows that support membership services, and reaching over to personal working practices at home and whilst travelling. Tangible examples of how all the new procedures and policies are being implemented, like seeing new forms, or workflows or questions being discussed, is important. Together with the reporting and monitoring processes we use, these kinds of indicators enable me to manage the operational side of things. The less tangible things you refer to are harder to pinpoint, but I am also finding them more important since we have become a virtual team. They could be things like a casual comment or an informal conversation or something I spot when screen-sharing or working on a shared document. The more time I spend collaborating, the more I get a sense of how things are going. We have mentioned before how we have a ‘Show & Tell’ element at each of our weekly team meetings and recently we had several weeks of sharing what we use to manage our to do lists and plan our work. For the next month or so we will include a GDPR element in each team meeting, with everyone bringing examples of how they are implementing the new policies. All of these opportunities to collaborate, hearing colleagues think out loud, are valuable for helping me understand how others think or see things, and that enables me to better explain/support new processes.

Martin: Another aspect of our GDPR implementation I’ve been reflecting on is the degree of visibility of our individual activity to each other. In the case of GDPR I put a lot of effort into researching what we were required to do as an organisation and understanding various aspects of the new regulations from a legal and practical perspective. Parts of this process left very few tangible outputs and in some cases some of the outputs were not suitable for circulation in the team. It was a reminder that it’s not always possible to share everything we do and a level of trust is required. It was also a reminder of why our weekly team meetings are so important and arguably more important than if we were working in a face-to-face setting. You mentioned that our ‘Show & Tell’ has recently focused on sharing how we each plan our work. It was interesting to see the diversity of approaches and the varying levels of detail that we each use. As my role is very diverse rather than having a single method I adapt my approach. For example, in the case of GDPR I’m using a mixture of our GDPR action plan in Google Documents and Sheets, Google Keep lists and managing my inbox with labels, stars/flags and snooze. For other projects like the Annual Conference we have a shared project plan we can all report our progress against. In the case of the Annual Conference this has changed little from when most of the team was office based. I think this still works well but wonder if we were creating this from scratch as a virtual team would you do something different, in particular, to increase the visibility of what we are all doing at a particular time?  

Maren: I’d like to do that – spend time thinking about what starting from scratch would look like. I imagine that (1) our values, (2) the importance of working together with volunteers, our Members, and (3) our overall policies for working would remain constant. But… there are other factors: the size of the team means necessarily that many tasks are more independent and only some a consistent team effort. With 5-6 staff you can’t easily create sub-teams for example that would work together ‘more visibly’. I’ve also considered tools like Trello or Slack, but I’m not sure how well they’d work for everyone, and I feel allowing everyone a choice in which methods to use for organising work, e.g. what we shared in our to do list show & tell sessions, can really contribute to productivity. We have our overall operational plan which all other plans/lists are related to and in my mind that provides the consistency required – although maybe we could make use of it more frequently. Overall the high level of our output and achievement is a good indicator that our current practice is effective, and that is reassuring. What I mean to say is that we have an opportunity rather than having to re-imagine what this could look like. Hearing you reflect on your perspective and comparing it to my own has opened up the question what this looks like for each of us. With a team away day coming up in a couple of weeks we could take the opportunity to dedicate some time to reflect on this as a group.

1 thought on “Opportunity knocks: Using GDPR to strengthen virtual teams”

Comments are closed.