GDPR: Addressing myths and alleviating the fear
The General Data Protection Regulation – also known as GDPR – is a data protection regulation that will come into effect across Europe in May 2018. While the regulation has caused some anxiety and worry among European organisations, the intent of the GDPR is to strengthen data protection practices and bring them into the 21st Century.
At the 2017 Granicus Public Sector Communications Conference in London, a panel addressed the myths associated with the GDPR and how communications leaders can work to better inform internal staff and the public on what the changes mean for them. You can watch the video of the talk here.
The three panelists, Holly Bremner, Head of Dissemination at the Centre of Excellence for Information Sharing, Imogen Heywood, Engagement Manager at the Centre of Excellence for Information Sharing, and David Teague, Regional Manager at the Information Commissioner’s Office, addressed a number of the common misconceptions about GDPR and identified the opportunities that it presents to communicators to build trust and engage citizens.
According to Imogen, communicators have three primary roles to play in GDPR:
1. Get Your House In Order:
In other words, now is the time for communicators to audit their own operations, the data they hold and for what purpose, and ensure they are compliant ready for May 2018. The GDPR uses much of the Data Protection Act (DPA) as a base and simply builds on it. So if you already have a robust system in place for sharing information and managing data, you may not need to do anything drastically different to what you’re doing now. Now is also the time to plan ahead and shape the message comms teams should be involved in communicating before, during and after GDPR comes into effect in 2018.
2. Help Reduce Fear:
The media hype of huge fines around the GDPR may create barriers to information sharing. Fear is never a good starting point for change, particularly since it can mean people bury their heads in the sand and relationships are damaged between partners and the public. Communicators have an important part to play in reducing fear from within public sector organisations and externally with the public. If communicators focus more on connecting with the public on the “why” behind GDPR, it can help reduce the myths, fear, anxiety and misconceptions around the regulation.
3. Change The Conversation:
There is a spotlight on the digital economy and comms with the passing of the GDPR, and now is the time to engage the public and speak with them about the legislation that’s designed to give them more control and say about how their data is used. For example, now could be the time to check and ask the public about what information they want to receive on services provided by the public sector. GDPR initiates the conversation, but it’s up to the public sector to take advantage of the open door. You can help facilitate that dialogue and build trust with audiences.
With the roles that communicators can play in mind, David Teague from the Information Commissioner’s Office spoke more about the myths and reality of GDPR.
Myth #1: GDPR Will Be A Big Job For Data Teams
One of the most common misconceptions of the GDPR is that it will require huge amounts of work, staff time and dedication to data protection. In reality, if organisations are managing data protection well now, they will not see much change. In the modern world, personal data is processed in so many different ways, but the law that regulates them now was passed in 1998 – before social media or a variety of other norms we know well today. GDPR is primarily about updating those and bringing data protection into the 21st Century.
Myth #2: You Must Have Consent Under GDPR
A phrase that continues to be repeated on the topic of GDPR is that it “mandates individual consent” for information. In other words, all individuals must give their information willingly in order for key processes to continue as usual. This policy would not work across many public sector practices – for example, a police officer or investigator needing vital information in an emergency in order to do their duty. Most organisations in the public sector have a legal obligation to publish certain types of information that do not require consent. However, you should read the detailed guidance the ICO has published on consent under the GDPR, and use their consent checklist to review your practices.
Myth #3: GDPR Means Large Fines
The reality is, there are data breaches across the public sector regardless of GDPR’s regulations. A common misconception is that any breach under GDPR will result in large fines immediately. In reality, the Information Commissioner’s Office is not going to demand an organisation write a cheque the moment there is a data breach. However, you should be able to show you’re working towards compliance and get there quickly – it’s no good just burying your head in the sand.
Next Step: Build A Strategy
While rumours about GDPR persist, the panel of speakers at the Public Sector Communications Conference in London urged attendees to remember, above all, that the GDPR presents a great opportunity to develop an effective communications strategy to eliminate these myths now. Be seen as an authoritative voice and help lead your organisation along the way to full compliance. Comms teams can support staff to be confident in their data practices.
Holly Bremner from the Centre of Excellence for Information Sharing wrapped up the panel by highlighting the two primary components to building an effective strategy:
- Internally: No matter your organisation, test the temperature of how team members are feeling about the GDPR. This can present a good opportunity to alleviate fears and over-communicate about steps your organisation is taking to address the changes. This is also a good opportunity to provide support options if people need them.
- Externally: Connect with the public on what your organisation is doing now to prepare for the GDPR, and change the conversation to your advantage. Myth-busting now is much more proactive than in May next year, and it will build trust with the public ahead of time.
This policy change – while very important and one that will impact many organisations across Europe – is a process, and it’s important to bring the public with you on the journey. All three of the panelists on “GDPR: Myth Busting for Comms People” emphasised that communicators are the glue that connects legislation with the people who it impacts, and so it’s crucial to plan, execute and follow up with the public accordingly.
To watch this panel discussion, or any of the other sessions during #UKComm17, view the on-demand version here.