How are your General Data Protection Regulation comms going? In April the Royal College of Nursing organised an organisational wide Big Delete in preparation for GDPR.
I’m thrilled to welcome Matthew Batten, Organisational Development Adviser at the Royal College of Nursing (RCN) back to the All Things IC blog to share how it went on 12 April 2018 and what’s changed since The Big Delete.
Jargon buster: GDPR is the General Data Protection Regulation, a piece of EU legislation that will supersede the Data Protection Act. On 25 May 2018, most processing of personal data by organisations will have to comply with the regulation.
GDPR aims to give people the power to say how their personal information is used, it also aims to keep data safer.
Here’s Matt @Matt_Batten1 to share what’s been going on…
The Big Delete turned out to be a Very Big Delete.
In total we deleted nearly 2TB of stale information from our drives.
To put that into context, that’s the equivalent of:
- 34,000 hours of music
- 2000 hours of video
- 620,000 photos and,
- Over 1000 hours of movies.
That’s quite an achievement considering this was the first time we ever attempted an all-user data cleanse.
To be honest, as a member organisation, we are very good at data protection and we have systems in place to ensure confidential data is stored securely and in the most appropriate place. But like many organisations, we have accumulated a lot of digital ‘stuff’ over the years.
Preparing for the GDPR was the perfect opportunity to change habits.
It was actually quite fun
Save it somewhere appropriate or delete it. Just don’t horde it. That was the message our senior management team took to their teams. And it was a message that worked well.
All that information that was once clogging up our IT systems has either been deleted or stored in a more appropriate place.
Lots of teams threw themselves into The Big Delete and made it a team effort. Our HR team rewarded their data cleansing efforts with a Really Big Del-eat buffet (nice play on words), the Nursing Department held a cake and delete session, East Midlands regional office held a team paper shredding event and the Legal team took a Doctor Who deep dive and baked a Cyberman cake – pictured below.
GDPR could have been a dry subject but in true RCN style we found the fun!
Changing the way we handle data
The Big Delete is also changing the way we work. We’re hearing many examples from teams who have been discussing their approach to data protection and making changes to safeguard the data we handle.
For example, we now have an organisation wide retention schedule that outlines what we need to keep and for how long, some team have disabled automatic suggestion of email addresses in Outlook to avoid sending emails to the wrong people and most importantly our shared drive is so much simpler to navigate now that we’ve cleaned up all the stale data.
Just when you thought it was safe to go back to your H drive…
GDPR could have been a very dry and dull subject to communicate but we’ve had a lot of fun thanks to The Big Delete. In fact, it was so successful that we’re doing it all over again with The Big Delete 2. This time we’re running a competition to find the best slogan based on a movie sequel.
So far we’ve had:
- I Know What You Deleted Last Summer
- The Big Delete 2: Electric Boogaloo
- The ex-Files
- Big Delete 2 ½: The Smell of Clear.
We also produced some additional guidance for our people – using simple animation and mobile phone videos. While I was given a budget I haven’t actually used it (except for the competition prize of cinema vouchers). There’s plenty of free tools out there. I’m a big fan of Canva and KineMaster because you can quickly create an image or video and get that out to your people instantaneously.
Make the dull sound fun
The Big Delete was all about very simple messaging to nudge behaviour. We wanted everyone to feel excited about GDPR and so all our communications had to feel fresh and lively with very clear messaging. Ultimately, we found the fun and that generate all the interest we needed.
I just found out that The Big Delete will now become an annual event. I’m already looking forward to adding it to our internal comms calendar!
Post author: Matt Batten.
Thank you Matt. Are you working on GDPR comms? I’ve published various articles on my blog to help you learn. See below for a round-up. I also recommend reading this article by Benjamin Ellis to understand Privacy and Electronic Communications Regulations (PECR).
Find out more about GDPR
If you’re looking for GDPR resources to help you, here’s what I’ve published to date:
Communicators share their top GDPR comms advice – thank you to the 46 comms pros who have offered their advice in the latest in my #ICVoices series.
Further reading on the All Things IC blog:
- How a charity is preparing for GDPR
- How Bristol Water is preparing for GDPR
- Are you ready for GDPR and Shadow Comms?
- How the Royal College of Nursing is preparing for GDPR.
Resources to help you find out more about GDPR:
- Preparing for GDPR – checklist from the ICO: Self assessment to help you get ready
- GDPR considerations for internal comms: checklist from CIPR Inside
- Data controllers and data processors, what’s the difference? Guidance from the ICO
- Calendar of events and webinars to learn about GDPR
- The impact of GDPR on the PR industry
- Transcript of #commschat on GDPR from March 2017
- Information Commissioner’s Office website
- See @ICOnews on Twitter
- GDPR article by The Global Alliance for Public Relation and Communication Management
- CIPR GDPR webinar
- Article: GDPR compliance, what does it mean for internal communicators?
- Beekeeper’s 31 point checklist
- What GDPR means for marketeers
- Email marketing is changing.
- Figshare: GDPR tool for handing Data-Subject rights and requests
- Article: The GDPR and all that
- Article: GDPR and the fish finger sandwich.
I am not a legal expert, however, I recommend contacting Suzanne Dibble, who is. I’ve bought the resources mentioned below to help me create my privacy policies, and recommend them.
There’s two options: a free checklist and a paid-for compliance pack.
Suzanne is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR.
The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations. Suzanne worked with Richard Branson at Virgin where she managed a group wide data protection project which resulted in Virgin nominating Suzanne for the Solicitor of the Year Award and subsequently Suzanne was runner up in this prestigious award.
She has published a free GDPR Checklist which guides you through what you need to know.
You can access it here: https://jz993.isrefer.com/go/gdprcl/RachelMiller.
Where to get legal advice: purchase a GDPR compliance pack
Suzanne has also created a GDPR Compliance Pack, which costs £197. She says: “My pack contains 20 legal document templates and checklists that you will need post GDPR, regardless of the size of your business.”
You can buy it here: https://jz993.isrefer.com/go/gdpr/RachelMiller.
- MODULE TWO: Data processing inventory Legitimate Interests Assessment form, Data transfer checklist, Processor Agreement
- MODULE THREE: Marketing checklist Records retention policy, DPO checklist
- MODULE FOUR: Employer checklist Employee privacy statement
- MODULE FIVE: Employee subject access request form, Response to employee subject access request
- MODULE SEVEN: Data breach record, Data breach checklist, DPIA form, Data Retention Policy.
You can buy it here: https://jz993.isrefer.com/go/gdpr/RachelMiller.
Disclosure: This is an affiliate link. If you buy Suzanne’s pack as a result of visiting this link, I will receive a small commission for referring you to her services.
First published on the All Things IC blog 21 May 2018.