Most organizations today should be GDPR compliant already. And hopefully, most organizations will avoid the fines and embrace the opportunities that GDPR will bring to the PR industry. However, only time will reveal the actual impact these regulations will have on businesses.
The definitive GDPR checklist
Even if you’re a small business, you won’t be exempt from the rules. Making sure you know the facts is essential. Don’t make the mistake of thinking that GDPR isn’t relevant; not complying with it could result in a substantial financial drain on your company.
Streamlining and protecting data will not only have benefits for the people you work with, but it will also be critical to the relationships you build and grow with journalists. Being transparent about what data you hold on them, and protecting that data, will build trust and strengthen working relationships.
Here’s our definitive checklist:
- The data retention period
- The identity of the controller
- The purposes of data processing
- Who will have access to that data
- Data transfer policies
- An overview of the right to request
- Consent withdrawal
- How to lodge a complaint
Make sure it’s in a visible place on your website for individuals to reference with ease.
2. Define your legal ground for processing data
Ensure you have defined the legal ground for processing data, whether that’s consent or legitimate interest. Also, ensure you have the documentation should you need to prove compliance. If you opt for the legitimate interest route, ensure you carry out a Legitimate Interests Assessment (LIA) and that it’s available for everyone in your organization to reference.
Note, however, that an LIA may not apply to your organization either.
3. Handle deletion requests
Ensure you have a formal process in place for deletion requests from individuals and that everyone in the organization is clear as to whose responsibility it is to remove data.
4. Audit third parties
Are they GDPR compliant? It’s not enough to assume that third parties and suppliers are compliant — you need to ensure that they too adhere to the new regulations. Audit your vendors/sub-processors for GDPR compliance.
5. Prepare your staff
If you would like to learn more about the implications of GDPR on the PR and communications industry, please get your copy of "GDPR - The Ultimate Guide for PR pros."