Internal Communications: How to Prepare for GDPR Compliance [Timeline]

Posted 04 January, 2018 in Compliance, Security

gdpr preparation timeline snapcomms

 

While it may seem like an administrative nightmare for employers, the onset of GDPR ironically presents a unique opportunity to improve engagement and communication with staff.

 

If employees know their data is being properly cared for, and that a formalised data privacy policy can help you design more relevant, personalised communications, they’ll be more inclined to give consent.

 

Here’s a suggested timeline to help get your GDPR-house in order.

 

  • 5 months before May 2018 deadline

 

This is the awareness-building phase: reach out to all staff as soon as possible to let them know GDPR is coming. The media noise around this topic will increase over the coming months, so being on the front-foot will reassure staff. Follow up with a survey to ascertain if staff have any concerns or questions about GDPR; their feedback will help shape your communications in the coming months.

 

  • 4 months before May 2018 deadline

 

Start to build examples of how tighter control of personal data management will benefit employees. Demonstrate the merit of more targeted communications. Use examples that show how data can serve up relevant information, to help employees in their job. The aim is to engender a sense of ‘don’t miss out’.

 

  • 3 months before May 2018 deadline

 

Commence a countdown campaign to build momentum. Posters, screensavers and tickers are ideal visual channels for sparking interest and informing staff of action required.  Where possible, include links to more detailed information on your Intranet. 

 

  • 2 months before May 2018 deadline

 

By now, the world will have a much clearer picture of what’s required to comply with GDPR. Your staff are likely to have done their own research on its implications and will be able to make an informed decision. It is anticipated most employers will use ‘legitimate interest’ as a legal basis under the new regime to process employee data. However, if you do need to seek ‘explicit’ permission, start the enrolment / opt in process. Use internal communications tools (such as a SnapComms Registration Alert) to collect responses. This tool has been designed for precisely this form of data collection. Ensure your chosen response mechanism is highly secure and complies with the data protection rules.

 

  • 1 month before May 25th deadline

 

Your countdown campaign should be well underway. Host a meeting to address FAQs. Repurpose this content into multiple communication assets, such as an explainer video and fact sheet.  If you need to demonstrate GDPR-compliancy in your internal comms, consider including text that says: “This communication was sent using SnapComms. The data stored in the SnapComms platform includes information needed to send you such a message. This may include a digital identifier, such as your User Name.”

 

 

  • 1 week before May 25th deadline

 

By now, you – and all other affected functions in your organisation, such as sales, marketing, IT, and finance - should be GDPR-compliant.

 

If GDPR compliance is based on employee consent, and some staff have opted out of specific comms, you can still use alternative techniques to get important messages across. Broadcast screensavers onto screens in communal areas, or target your messages to machines (rather than individuals). For example, alerts, tickers and other SnapComms channels can be published without the need for personal data for targeting.

 

If you have any questions relating to SnapComms-compliancy with GDPR, please get in touch.

 

Read more about how HR can get prepared for GDPR.

 

Compliance, Security