/media/412740/shutterstock_784595185.jpg

WE UK’s GDPR Event: Key Communications Takeaways

This week I moderated WE UK’s event Are marketers and comms professionals ready for GDPR? with an all-star panel: Andrew Gould from the National Police Chiefs’ Council, Ashley Hurst from law firm Osbourne Clarke, Bryan Glick, Editor at  Computer Weekly and Gillian Edwards from Sermelo.

It was a thoroughly insightful conversation – here are just a few of the key takeaways from the guest speakers about how to prepare for the worst case scenario, and what to do if you or your client experiences a data breach.

 

1. Organise: Make your GDPR strategy engaging and accessible

An organisation’s GDPR strategy shouldn’t be consigned to spreadsheets or text-heavy reams of documents saved somewhere on the intranet. It’s important that everyone in the business is aware of what it means to be GDPR-compliant and understands the organisation’s own GDPR story – and the best way to do that is to engage them with a memorable and user-friendly mobile-optimised plan. Continual reinforcement is essential, so face-to-face refresher events, coupled with regular digital training, will keep all employees aware of the rules.

 

2. Prepare: Get ready for the worst case by simulating scenarios

Once GDPR comes into effect, companies who experience a data breach must report it within 72 hours. It’s critical that businesses don’t see this window as time to plan. Press releases and statements should already be drafted and company-wide simulations (run at least once a year with everyone from the marketing team to the CEO) already carried out, so that if the worst should happen, communication remains clear and consistent to the media and consumers – and panic doesn’t throw everything into chaos.

 

3. Track: Make sure you have a clear log of all decisions made

Keeping detailed records of the rationale behind decisions made with regard to customer data is fundamental – even if it’s machine learning algorithms that are making them. What the Information Commissioner’s Office (ICO) wants to see is a log of the reasoning behind data processing, handling and storage that can be rationalised in “human-understandable terms”.  This fact-based approach will also help when building out your communications narrative after a data breach.

 

4. Communicate: Keep relevant stakeholders informed throughout the process

Don’t forget about the ways in which customers can be exploited through secondary fraud. If a breach were to happen, businesses must have a plan in place as to how they would communicate with customers in the aftermath. Sending out an email stating they’ll be in touch via email or telephone is a big no-no – fraudsters are skilled at mimicking such types of communication. The safest option is to ask customers to get in touch via the company website.

Read more of our marketing and communications-related tips on how to get GDPR-ready here, and stay informed of our upcoming events here.  

#GDPR
#WE UK
#Communications
May 22, 2018

Marcus Sorour
VP International - Client Services

Read more by this author »

Blog Categories

B2C Communications
Brands in Motion
Communications & PR Trends
Corporate Reputation & Brand Purpose
Diversity, Equity & Inclusion
Health Communications
Integrated Marketing
Melissa Waggener Zorkin Blog
Social Innovation
Technology Communications
WE People & Culture
RSS Feed

The latest blogs from WE

Pride is Democracy

June 05, 2024 | Joe Mirabella, VP, Executive Digital Communications Strategy and WE Pride ERG Leader

Overcoming the Lack of Diversity in Clinical Trials

May 21, 2024 | Christina Corso, Executive Vice President, Health, Jocelyn Jackson, Senior Director, Insights & Analytics

Is Corporate Purpose Still Relevant in 2024?

March 28, 2024 | Libby Woolnough, Group Head - Corporate Reputation & Brand Purpose, WE Communications Australia

MNCs in China Must Prioritize Internal Communications

March 25, 2024 | Tony Zhang, Head of Corporate Practice, WE Red Bridge