
WE UK’s GDPR Event: Key Communications Takeaways

WE Communications Blog: Agency

5/22/2018
— Marcus Sorour 

This week I moderated WE UK’s event “Are marketers and comms professionals ready for GDPR?” with an all-star panel: Andrew Gould from the National Police Chiefs’ Council, Ashley Hurst from law firm Osborne Clarke, Bryan Glick, Editor at Computer Weekly, and Gillian Edwards from Sermelo.

It was a thoroughly insightful conversation – here are just a few of the key takeaways from the guest speakers about how to prepare for the worst-case scenario, and what to do if you or your client experiences a data breach.

 

1. Organise: Make your GDPR strategy engaging and accessible

An organisation’s GDPR strategy shouldn’t be consigned to spreadsheets or text-heavy reams of documents saved somewhere on the intranet. It’s important that everyone in the business is aware of what it means to be GDPR-compliant and understands the organisation’s own GDPR story – and the best way to do that is to engage them with a memorable and user-friendly mobile-optimised plan. Continual reinforcement is essential, so face-to-face refresher events, coupled with regular digital training, will keep all employees aware of the rules.

 

2. Prepare: Get ready for the worst case by simulating scenarios

Once GDPR comes into effect, companies that experience a data breach must report it within 72 hours. It’s critical that businesses don’t see this window as time to plan. Press releases and statements should already be drafted and company-wide simulations (run at least once a year with everyone from the marketing team to the CEO) already carried out, so that if the worst should happen, communication to the media and consumers remains clear and consistent – and panic doesn’t throw everything into chaos.

 

3. Track: Make sure you have a clear log of all decisions made

Keeping detailed records of the rationale behind decisions made with regard to customer data is fundamental – even if it’s machine learning algorithms that are making them. What the Information Commissioner’s Office (ICO) wants to see is a log of the reasoning behind data processing, handling and storage that can be rationalised in “human-understandable terms”. This fact-based approach will also help when building out your communications narrative after a data breach.

 

4. Communicate: Keep relevant stakeholders informed throughout the process

Don’t forget about the ways in which customers can be exploited through secondary fraud. If a breach were to happen, businesses must have a plan in place as to how they would communicate with customers in the aftermath. Sending out an email stating they’ll be in touch via email or telephone is a big no-no – fraudsters are skilled at mimicking such types of communication. The safest option is to ask customers to get in touch via the company website.
