This is a joint post with Maren Deepwell (cross-posted here). If you have missed our earlier posts we encourage you to revisit the beginning of the story of how we, as senior staff, lead our organisation to adopt virtual operations.
This month we discuss our approach to GDPR, evolving virtual working practices and the importance of explaining the reasons for new procedures as part of implementing them.
Martin: GDPR has been a great opportunity to think about how as a team we store and process data. As a data controller one of the things we have implemented is documenting our data processing activities which includes how and where data is stored. Another critical aspect is how data is transferred. For our team this is greatly simplified by predominately being a Chromebook based organisation with centrally managed devices. This means we can mitigate a number of risks through device security policies and the build-in security features of Chrome OS. Another key aspect is we have a ‘home working’ rather than ‘remote working’ policy. This removes risks associated with regularly using open wifi networks in places like coffee shops, but does however leave open two questions: how do we ensure the security of home networks; and given a number of our team also travel maintaining security on the road. The process of preparing for GDPR has highlighted that there is more we can do to secure data transfer, the solution being investigating VPN options. Besides the technical solutions it’s also been useful to reflect on how the team is responding to personal responsibilities mentioned. In the case of GDPR it’s been great to see our team respond to the training we’ve provided and being proactive in both highlighting areas where our procedures can be improved and also suggesting or making the changes required themselves. Not being co-located removes some of the opportunities to get an idea of how someone is doing, for example, body language is largely filtered out in Google Hangouts. It was only when I reflected on this that I realised I’ve started relying on other indicators. Has our work around GDPR highlighted anything like this for you?
Martin: Another aspect of our GDPR implementation I’ve been reflecting on is the degree of visibility of our individual activity to each other. In the case of GDPR I put a lot of effort into researching what we were required to do as an organisation and understanding various aspects of the new regulations from a legal and practical perspective. Parts of this process left very few tangible outputs and in some cases some of the outputs were not suitable for circulation in the team. It was a reminder that it’s not always possible to share everything we do and a level of trust is required. It was also a reminder of why our weekly team meetings are so important and arguably more important than if we were working in a face-to-face setting. You mentioned that our ‘Show & Tell’ has recently focused on sharing how we each plan our work. It was interesting to see the diversity of approaches and the varying levels of detail that we each use. As my role is very diverse rather than having a single method I adapt my approach. For example, in the case of GDPR I’m using a mixture of our GDPR action plan in Google Documents and Sheets, Google Keep lists and managing my inbox with labels, stars/flags and snooze. For other projects like the Annual Conference we have a shared project plan we can all report our progress against. In the case of the Annual Conference this has changed little from when most of the team was office based. I think this still works well but wonder if we were creating this from scratch as a virtual team would you do something different, in particular, to increase the visibility of what we are all doing at a particular time?
Maren: I’d like to do that – spend time thinking about what starting from scratch would look like. I imagine that (1) our values, (2) the importance of working together with volunteers, our Members, and (3) our overall policies for working would remain constant. But… there are other factors: the size of the team means necessarily that many tasks are more independent and only some a consistent team effort. With 5-6 staff you can’t easily create sub-teams for example that would work together ‘more visibly’. I’ve also considered tools like Trello or Slack, but I’m not sure how well they’d work for everyone, and I feel allowing everyone a choice in which methods to use for organising work, e.g. what we shared in our to do list show & tell sessions, can really contribute to productivity. We have our overall operational plan which all other plans/lists are related to and in my mind that provides the consistency required – although maybe we could make use of it more frequently. Overall the high level of our output and achievement is a good indicator that our current practice is effective, and that is reassuring. What I mean to say is that we have an opportunity rather than having to reimagine what this could look like. Hearing you reflect on your perspective and comparing it to my own has opened up the question what this looks like for each of us. With a team away day coming up in a couple of weeks we could take the opportunity to dedicate some time to reflect on this as a group