Privacy activists have already gone after the likes of Facebook and Google since the General Data Protection Regulation (GDPR) arrived a week or so ago. I’m just grateful to have stopped receiving reminder emails to opt in to newsletters. It’s been an automatic ‘spring cleaning’ of my subscriptions and my inbox is already looking less cluttered!
From a marketing communications perspective, GDPR will be a hot topic for years to come as the legislation is still untested and more brands will come under fire for contravening the rules. There are many unanswered questions and with uncertainty comes the need to prepare for all scenarios.
Here are the key takeaways from a WE Communications GDPR panel I hosted two weeks ago in Covent Garden:
MAKE YOUR GDPR STRATEGY ENGAGING AND ACCESSIBLE: An organisation’s GDPR strategy shouldn’t be consigned to spreadsheets or text-heavy reams of documents saved somewhere on the intranet. It’s important that everyone in the business is aware of what it means to be GDPR-compliant and understands the organisation’s own GDPR story – and the best way to do that is to engage them with a memorable and user-friendly mobile-optimised plan. Continual reinforcement is essential, so face-to-face refresher events, coupled with regular digital training, will keep all employees aware of the rules.
GET READY FOR THE WORST CASE BY SIMULATING SCENARIOS: Once GDPR comes into effect, companies who experience a data breach must report it within 72 hours. It’s critical that businesses don’t see this window as time to plan. Press releases and statements should already be drafted and company-wide simulations (run at least once a year with everyone from the marketing team to the CEO) already carried out, so that if the worst should happen, communication remains clear and consistent to the media and consumers – and panic doesn’t throw everything into chaos.
MAKE SURE YOU HAVE A CLEAR LOG OF ALL DECISIONS MADE: Keeping detailed records of the rationale behind decisions made with regard to customer data is fundamental – even if it’s machine learning algorithms that are making them. What the Information Commissioner’s Office (ICO) wants to see is a log of the reasoning behind data processing, handling and storage that can be rationalised in “human-understandable terms”. This fact-based approach will also help when building out your communications narrative after a data breach.
KEEP RELEVANT STAKEHOLDERS INFORMED THROUGHOUT THE PROCESS: Don’t forget about the ways in which customers can be exploited through secondary fraud. If a breach were to happen, businesses must have a plan in place as to how they would communicate with customers in the aftermath. Sending out an email stating they’ll be in touch via email or telephone is a big no-no – fraudsters are skilled at mimicking such types of communication. The safest option is to ask customers to get in touch via the company website.
Please call or email me if you are interested in learning more about how WE Communications approaches GDPR. Besides protecting our privacy, GDPR is also an opportunity to understand one’s audience better and target them with more relevant content. That can only be a good thing!