Move fast in a global crisis, without breaking things
COVID-19 may have muted the tech-lash, but tread carefully as you adopt new tech. Move with agility and lean governance, not rushed panic
The era of ‘move fast and break things’ was supposed to be over. We were promised a safer, more responsible, more ethical internet; we were told Privacy and data ethics were priorities for tech and not just PR.
We were promised that the data hungry businesses of the likes of Facebook and Google would be tamed, that they would protect what they (legally) collected and be good information custodians.
A pandemic changes everything
Well that was then, that was until February passed in to March this year. On 11 March the World Health Organisation (WHO) declared that the COVID-19 outbreak was a pandemic.
Markets plummeted, whole industries collapsed, business models disappeared overnight. The impact for many businesses was immediate and dramatic. The personal toll on health, loss of life and loved ones, continues to be utterly tragic.
And we don’t yet know how this story ends, what the world will look like once the storm passes; we’re still living through this.
Agility in a crisis
In times of emergency things speed up, there’s a rush of emotion, a hunger, a need for innovation for speed; instincts kick in. And this can be brilliant, a forcing function for decisions, driving clarity and accelerating change.
This urgency has great power for positive results, whether it’s bringing global scientific communities together, driving collaboration, unearthing innovations. We have seen many examples of this recently, (for example Mercedes F1’s breathing aid made within a week).
What changes will stick? What will the ramifications be?
There’s been a rush to innovate, to adapt, to figure out the new normal across every aspect of our lives. This is vital when it comes to saving lives or connecting the scientific dotes, but what is the knock on effect? What else will go under the radar, under the pretext of priority and relating to COVID-19? What tech will rush in? What rushed practices or habits will stick? For good or bad?
Digital Transformation: expedited by the pandemic
The digital imperative is not a new board item in organisations, it’s been around for years now. I was ‘Group Head of Digital’ for a Fortune 500 financial organisations a decade back, spending my time convincing the C-Suite of the need to evolve and the benefits of new tech, processes and talent.
“This is a wake-up call for organisations that have placed too much focus on daily operational needs at the expense of investing in digital business and long-term resilience. Businesses that can shift technology capacity and investments to digital platforms will mitigate the impact of the outbreak and keep their companies running smoothly now, and over the long term.” (Sandy Shen, Gartner)
The business of upgrading tech stacks, to optimising the online customer experience has been slow, expensive and cumbersome for non-digital native organisations. Upgrading outdated technology, adopting new processes and changing mindsets is tough.
There’s nothing like a powerful lever and stick to set the wheels in motion. A crisis can be a gift for leaders.
It’s amazing how quickly Video Conferencing tools, cloud applications which enable collaboration, and communication channels can suddenly unlock and be approved where once risk or InfoSec said no, or the business reflected. Digital transformation at high speed.
“Software is eating the world”
(Marc Andreesen said this way back in 2011, but yet it still feels relevant today)
Trends which the crisis has accelerated
Telecommuting (we’re now all Video Conferencing our colleagues, our kids’ teachers, our parents, our friends on a Friday night)
Food & services going on demand to your door (think Uber eats)
Events & entertainment: events going virtual, demand for streamed entertainment doubles down
Cloud and SaaS — share, access co-edit documents, e-sign, collaborative tools
E-commerce — yes, we still want to shop when we can’t go to a shop
Online learning (see our article on this trend)
How do you do due diligence under pressure?
Whether its digital transforming a whole organisation, or simply bringing in a single new cloud service at speed in a crisis, Data Protection, risk and security continues to be vital and needs to be considered from the outset.
‘Zoom Bombing’ where hackers snuck into people’s private meetings was a recent but important reminder that any data breach or hack can erode customer trust and damage your reputation. The increased popularity of its service has meant its compliance and security practices gain greater attention, so lessons from the likes of Facebook indeed.
“Zoom is providing a service of real value in these desperate times, but it needs to grow up. It’s playing in the big league now.”
(John Naughton, The Guardian)
So How do you Move Fast, Without Breaking Things?
There’s a clear and compelling case for the rapid adoption of good technology which enables your organisation to be productive right now, but you need to make sure your tools are trusted and your brand protected with the right governance, even if it’s lean.
Here are some tips for getting the balance right between compliance and expedited digital change:
Intelligent risk: make sure you know what risks you are taking, know the unknowns, read the terms, look at the worst case scenario and make an informed decision and use a model to frame your decisions. Using tools like Data Protection Impact Assessments (DPIAs), but make them iterative, discursive and collaborative. Make compliance real and pragmatic
Don’t try to DIY. data security, protection and compliance are hard, the regulations are complex. Use good experts for point support
Ditch static documents: don’t waste time with disconnected excel and word documents, use a secure SaaS solution like Trace for a modern approach to compliance to create smart Data Protection Agreements (DPAs) which you can e-sign, smart Processor Assessments or DPIAs
Take a holistic approach, bring the key decision makers or experts together and work through your decision with agility. Keep the process lean but collaborative, Privacy by Design means bringing in the Privacy champions and thinking at the start of a project
Be accountable — the Accountability is at the heart of regulations like the GDPR — so for example you’re accountable for using trusted partners and data processors as an organisation (and controller), so follow best practice like NCSC cloud security guidance and find a pragmatic, agile and principled approach.
Stay safe, stay at home, protect the NHS.
Article written by Sorcha Lorimer, Trace’s Founder.