After spending the last 13 or so years growing Synergy Creative into one of the…
Forget winter, GDPR is coming. New regulations mean that misuse of data can mean huge financial penalties. And with data leaks most likely to come from employees, HR and Internal Comms pros need to know what these changes mean.
Check your diary, 25th May 2018. Anything there? It seems an innocuous enough date but if your organisation handles any personal data of people living in the EU, you’ll want to get your Sharpie out, it’s GDPR day.
What is GDPR?
General Data Protection Regulation (GDPR) applies to all businesses operating within the European Union. In a nutshell it’s being brought in to regulate and standardise how companies handle and use personal data. If your company does handle personal data, you’re going to need to prove that consent was given to hold it, be able to show what the data is being used for, and how it’s being protected*. It comes into effect on the 25th of May next year.
How does it affect my business?
The fines for not complying can be pretty big, either 4% of annual global turnover or €20 million – whichever is higher – GULP! To give that a bit of context, according to The Register, Pharmacy2U’s £130,000 fine for selling customer data without consent would look like £4.4 million from next year, and TalkTalk’s 2016 cybersecurity breach fine of £400,000 would rocket to £59 million. Businesses aren’t falling over themselves to get up to speed either, RSA found that 28% of companies are unaware, 29% aren’t doing anything and only 43% are preparing for the forthcoming GDPR. Oh, and for all the Brexiteers out there, GDPR still applies, even after the UK leaves the EU.
The internal comms issue – employees are risky!
Three out of five companies say their biggest risk comes from employees handling, sharing and processing data incorrectly. And if you’ve read our highlights from our engaging remote workers ‘hackathon’, we know that employees are more than happy to go around official apps, platforms and processes if it means being more effective at work. Group messenger app Yapster recently found that almost two-thirds (64%) of 18-34 year olds use personal messaging services for work, 29% use personal email in the workplace and 11% even admitted to sharing sensitive business information like trading data, internal documents, or contact details on private message apps. It’s hard to blame them, it’s much easier to send a message to a colleague with the details of say, a customer address for an appointment on Whatsapp, than having to scroll through endless emails.
What can HR and Internal Comms do?
We’ll definitely see HR, IT and Comms teams coming together to help get up to speed. Here’s our top tips for what HR and internal comms teams can do.
1. Find out where your data flows Connect with your IT team to get an audit of your current company data processes. Where does the data flow within the business and where does it come into contact with your employees. This’ll give you a good starting point.
2. Talk to your team It sounds an obvious one, but it’s really important to talk to your people and find out how they’re using apps like Whatsapp and Facebook Messenger. Are they sharing sensitive information about customers or colleagues with others?
3. Inform and educate Let your team know about the new regulation, outline what it means to them and their role. If you’re bringing in new guidance and processes as a result, you’ll want to equip managers with the necessary information to cascade it down to their teams.
4. Onboard new comms tools There’s a chance you’ll be updating your communications tools, or placing more of a focus on their use internally, so providing training to your teams across the business will definitely help long term and help avoid any confusion!
Are you preparing for GDPR? Let us know on Twitter @synergycreative *We’re not data security experts, or legal eagles, so go to a professional for advice on those things!
Further reading: Information Commissioners Office GDPR overview: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/ Beekeeper’s 31 point GDPR assessment programme: https://www.beekeeper.io/gdpr-compliance