As the General Data Protection Regulation (GDPR) countdown clocks strike 00:00:00, we must all be wondering, what on earth does GDPR mean? Another acronym to remember. Another agenda point in the boardroom. Another ‘investment’ line on the balance sheet. Today marks a new era for data protection. Sounds epic, doesn’t it?
25 May 2018 will forever be remembered as the deadline for all organisations in Europe to be GDPR compliant.
GDPR is Europe’s biggest data protection overhaul in 20 years. And rightly so. The internet and the way we use it is unrecognisable since regulations surfaced in the late 1990s. The internet has manifested into an abyss of data so large the human brain finds it difficult to comprehend. And grown with it are the methods of how data is collected, analysed and used. The good, bad and damn right ugly.
Hailed as a method to ‘harmonise’ data protection, there’s been some mysticism about what happens now. GDPR isn’t new for many of us working in PR, especially those working close to technology brands. Some might even feel a little bit exhausted by it already. GDPR brings significant change to technologies relationship with data and as such, a proactive and honest communications strategy in how systems and processes will manage the new law.
Through that, have many stopped to think about what it means for our own industry? Communications exists by building and maintaining meaningful relationships which often require a certain degree of information and data exchange – personal data. Insights on people inspires what we do. The backbone to our thinking, a backbone that this law is changing.
From right this very second, brands can’t use personal or personally identifiable data unless they have explicit permission to do so. As experts representing the worlds brands, big and small, and in an industry growing in transparency and ethical practice, this is a law not to be sniffed at. The punishment for not following GDPR guidelines is hefty – up to €20 million or 4% of global turnover, whichever is higher. Ouch.
Some top tips to manage the changes:
Data on influencers and journalists belong to the individual who holds the rights to it
Take time to understand where and when data is held and when to delete it – anonymising data doesn’t require the same levels of permission
Work to up to data and relevant lists of who you need to engage with, so every approach is personalised and relevant
Get permission and document it
Educate and prepare all team members
In a world where trust has never been so closely linked to reputation, we must see a new law built to give us greater protection and rights to individuals as a good thing. Rumours of bad will always surface. It will help to line lawyer’s pockets and it will be a fine some organisations budget for before undertaking the overhaul to be compliant, but it also encourages relatively new and important themes such as ‘the right to be forgotten’. It helps to engrain security into working culture, so it becomes the responsibility of everyone. And it is something the communications industry should welcome with open ethical arms.