Within the privacy project team, a working group ‘Communication & Change’ was formed. This working group together made a plan, which included the objectives, message and desired perception for internal communication. On this basis, plans and updates were communicated on a weekly basis via intranet, narrow casting and personal channels.
In order to increase the support within the entire organization, in each department a staff member was asked for the role of privacy pioneer. A privacy pioneer is an employee with above-average knowledge in the field of privacy. He or she serves as a point of contact for colleagues and identifies improvement possibilities. In addition, the privacy pioneer acts as an ambassador and motivates colleagues to deal with privacy and information security in a proper manner. The privacy pioneers meet each month for a knowledge session, workshop or skill training. In addition, they work together as a community through a collaborative platform. For example, they share best practices or can share requests for help.
To increase the overall awareness, all employees were obliged to follow an E-learning ‘privacy and information security’. All employees had to pass a test, which must be repeated annually. Other ways have also been assessed. For example, the office in Rotterdam was visited by a ‘mystery guest’, the front office was called by a ‘mystery caller’ and a ‘phishing test’ was performed among all employees. Also, members of the project team carried out weekly checks of workstations and green and red cards were deposited at workplaces.