Oxfam GB staff went from viewing the GDPR as a regulatory change that was “scary” and burdensome, to one that aligned with their mission values—that was ultimately about protecting the data rights, dignity and safety of the people they served.
Oxfam’s information security team was able to create an organizational culture shift through a combination of awareness-raising and technical capacity-building. They distributed the work across many “data protection representatives” and recognised the important role of context. While their strategies were resource-intensive, they provide a useful framework that other civil society groups could adapt.
Check the article here!
