Follow Mynewsdesk

Are you GDPR ready?

Blog post   •   Apr 19, 2018 10:00 BST

Most organizations today should be GDPR compliant already. And hopefully, most organizations will avoid the fines and embrace the opportunities that GDPR will bring to the PR industry. However, only time will reveal the actual impact these regulations will have on businesses.

The definitive GDPR checklist

Even if you’re a small business, you won’t be exempt from the rules. Making sure you know the facts is essential. Don’t make the mistake of thinking that GDPR isn’t relevant; not complying with it could result in a substantial financial drain on your company.

Streamlining and protecting data will not only have benefits for the people you work with, but it will also be critical to the relationships you build and grow with journalists. Being transparent about what data you hold on them, and protecting that data, will build trust and strengthen working relationships.

Here’s our definitive checklist:

1. Update your privacy policy

Make sure your privacy policy is up to date, with specifics stated such as:

  • The data retention period
  • The identity of the controller
  • The purposes of data processing
  • Who will have access to that data
  • Data transfer policies
  • An overview of the right to request
  • Consent withdrawal
  • How to lodge a complaint

Make sure it’s in a visible place on your website for individuals to reference at ease.

2. Define your legal ground for processing data

Ensure you have defined the legal ground for processing data, whether that’s consent or legitimate interest. Also, ensure you have the documentation should you need to prove compliance. If you opt for the legitimate interest route, ensure you carry out a Legitimate Interests Assessment (LIA) and that it’s available for everyone in your organization to reference.

Note, however, LIA may not apply to your organization either.

3. Handle deletion requests

Ensure you have a formal process in place for deletion requests from individuals and that everyone in the organization is clear as to whose responsibility it is to remove data.

4. Audit third parties

Are they GDPR compliant? It’s not enough to assume that third parties and suppliers are compliant — you need to ensure that they too adhere to the new regulations. Audit your vendors/sub-processor for GDPR compliance.

5. Prepare your staff

Train staff on best practice when it comes to GDPR. Make sure they know your privacy policy, as well as how they should be sharing and storing data. They should also be made aware of how GDPR will affect their day-to-day working. It’s essential they understand that relatively routine tasks, such as email blasts, may need to undergo greater scrutiny to ensure compliance before being sent, once the rules come into force.

If you would like to learn more about the implications of GDPR on the PR and communications industry, please get your copy of "GDPR - The Ultimate Guide for PR pros."

Get your copy!