Internal Communications: How to Prepare for GDPR Compliance [Timeline]

Posted 04 January, 2018 in Compliance and Ethics, Internal Communications

gdpr preparation timeline snapcomms


While it may seem like an administrative nightmare for employers, the onset of GDPR ironically presents a unique opportunity to improve engagement and communication with staff.

If employees know their data is being properly cared for, and that a formalized data privacy policy can help you design more relevant personalized communications, they’ll be more inclined to give consent.

Here’s a suggested timeline to help get your GDPR-house in order.

  • 5 months before May 2018 deadline

This is the awareness-building phase: reach out to all staff as soon as possible to let them know GDPR is coming. The media noise around this topic will increase over the coming months, so being on the front foot will reassure staff. Follow up with a survey to ascertain if staff have any concerns or questions about GDPR; their feedback will help shape your communications in the coming months.

  • 4 months before May 2018 deadline

 Start to build examples of how tighter control of personal data management will benefit employees. Demonstrate the merit of more targeted communications. Use examples that show how data can serve up relevant information, to help employees in their job. The aim is to engender a sense of ‘don’t miss out’.

  •  3 months before May 2018 deadline

 Commence a countdown campaign to build momentum. Posters, screensavers, and tickers are ideal visual channels for sparking interest and informing staff of action required.  Where possible, include links to more detailed information on your Intranet.  

  • 2 months before May 2018 deadline

By now, the world will have a much clearer picture of what’s required to comply with GDPR. Your staff are likely to have done their own research on its implications and will be able to make an informed decision. It is anticipated most employers will use ‘legitimate interest’ as a legal basis under the new regime to process employee data.

If you do need to seek ‘explicit’ permission, start the enrolment / opt-in process. Use internal communications tools (such as a SnapComms Registration Alert) to collect responses. This tool has been designed for precisely this form of data collection. Ensure your chosen response mechanism is highly secure and complies with the data protection rules.


  • 1 month before May 25th deadline

 Your countdown campaign should be well underway. Host a meeting to address FAQs. Repurpose this content into multiple communication assets, such as an explainer video and fact sheet.  

If you need to demonstrate GDPR-compliance in your internal comms, consider including text that says: “This communication was sent using SnapComms. The data stored in the SnapComms platform includes information needed to send you such a message. This may include a digital identifier, such as your User Name.”


  • 1 week before May 25th deadline 

By now, you – and all other affected functions in your organization, such as sales, marketing, IT, and finance - should be GDPR-compliant.

If GDPR compliance is based on employee consent, and some staff has opted out of specific comms, you can still use alternative techniques to get important messages across. Broadcast screensavers onto screens in communal areas, or target your messages to machines (rather than individuals). For example, alerts, tickers, and other SnapComms channels can be published without the need for personal data for targeting.

If you have any questions relating to SnapComms-compliance with GDPR, please get in touch.

Read more about how HR can get prepared for GDPR.


Compliance and Ethics Internal Communications

Susan Bowden

More blogs by Susan Bowden

Susan Bowden is Marketing Manager at SnapComms, a world-leading provider of digital internal communication tools.