BLOG: Compliance and culture change: using Project Bijou in your organisation

In this blog, Liz Smith, Head of Compliance at BCS: The Chartered Institute for IT* explains how Project Bijou changed her mindset and how she’s using the project to educate and inform her organisation. 

"I joined BCS 3 years ago as ‘Data Protection Lead’ and as my then boss often reminds me ‘data protection’ wasn’t in my vocabulary!

I qualified as a Data Protection Practitioner in December 2019 and over the pandemic spent much of my furlough engrossed in webinars and extra learning around the subject. In December 2021 I joined a webinar which totally changed the way I thought about data protection. That hour indirectly introduced me to Emma Martins and directly to Project Bijou. I was hooked on the concept and spent much of the following days on the ODPA website learning more about the initiative. I realised that data protection wasn’t just my job, it’s everyone’s job and my challenge was to engage my colleagues in such a way that data protection became embedded in the culture of the organisation.

As I have progressed in my role, gaining a greater understanding of data protection I am a keen advocate in that data protection matters not just at work but at home too. I firmly believe that we, as professionals in this field, need to communicate that message to all members of society not just our colleagues. We need to share our knowledge in the way that the bluetits spread theirs about the cream at the top of the milk (oh the childhood memories!).

When I say we need to spread our knowledge, I don’t mean that we need to tell everyone that Article 7 relates to Conditions for Consent or that Chapter IV defines the obligations of the Controller and Processor, we need to explain why it’s important that we do our jobs well to protect the information that we are trusted with. We need to explain how to do that in ways that our colleagues can understand, we need to reassure our customers that we can be trusted and more widely share with our family and friends why data protection matters to them and what they can do to keep their own data safe.

One of my colleagues recently said that data protection is like your maths homework: you know you have to do it, but it doesn’t make a lot of sense and you really don’t know where to start. That for me sums up many people’s attitude to the regulations we call GDPR.

Since being in post, I have created a 'Champions Programme' (I currently have a team of 18 champs across the organisation) who help me embed data protection in their teams. We meet monthly, share stories, experiences and knowledge. We talk about what is happening in the business and come up with ideas to spread awareness to take away that “maths homework” feeling. GDPR now has an annual birthday party at BCS, jelly and ice cream, cheese and pineapple on sticks and party games. Pass the parcel (no forfeits just GDPR related questions), pin the tail on the donkey (well…put the confidential waste in the shredder) and rock, paper, scissors ('principle, right or breach by another name) form just part of the fun.  

In autumn 2022 I introduced Project Bijou to my colleagues and started to share the initiative across the organisation. Over 100 colleagues joined in with a simple game which led to an introduction of Bijou. Bijou’s message is now spreading across BCS and takes with it a greater awareness of protecting data for our customers and ourselves.

As we know anecdotes result in behaviour change, and behaviour change changes culture. Maybe it’s not as easy as ABC but the more we share experiences the more difference we can make to people just like you and me. After all, data protection is not just a work thing, it’s a life thing, it’s a you and me thing."

* The BCS has over 60,000 members in 150 countries, and a wider community of business leaders, educators, practitioners and policy-makers. As a charity with a royal charter, their agenda is to lead the IT industry through its ethical challenges, to support the people who work in the industry, and to make IT good for society.