Within the privacy project team, a working group ‘Communication & Change’ was formed. This working group together made a plan, which included the objectives, message and desired perception for internal communication. On this basis, plans and updates were communicated on a weekly basis via intranet, narrow casting and personal channels.
In order to increase the support within the entire organisation, in each department a staff member was asked for the role of privacy pioneer. A privacy pioneer is an employee with above-average knowledge in the field of privacy. He or she serves as a point of contact for his colleagues and identifies improvement possibilities. In addition, the privacy pioneer acts as an ambassador and motivates his colleagues to deal with privacy and information security in a proper manner. The privacy pioneers meet each month for a knowledge session, workshop or skill training. In addition, they work together as a community through a collaborative platform. For example, they share best practices or can share requests for help.
To increase the overall awareness, all employees were obliged to follow an E-learning ‘privacy and information security’. All employees had to pass a test, which must be repeated annually. Other ways have also been assessed. For example, the office in Rotterdam was visited by a ‘mystery guest’, the front office was called by a ‘mystery caller’ and a ‘phishing test’ was performed among all employees. Also, members of the project team carried out weekly checks of workstations and green and red cards were deposited at workplaces.