How are your General Data Protection Regulation comms going? In April the Royal College of Nursing organised an organisational wide Big Delete in preparation for GDPR.

I’m thrilled to welcome Matthew Batten, Organisational Development Adviser at the Royal College of Nursing (RCN) back to the All Things IC blog to share how it went on 12 April 2018 and what’s changed since The Big Delete.

Jargon buster: GDPR is the General Data Protection Regulation, a piece of EU legislation that will supersede the Data Protection Act. On 25 May 2018, most processing of personal data by organisations will have to comply with the regulation.

GDPR aims to give people the power to say how their personal information is used, it also aims to keep data safer.

Here’s Matt @Matt_Batten1 to share what’s been going on…

The Big Delete turned out to be a Very Big Delete.

In total we deleted nearly 2TB of stale information from our drives.

To put that into context, that’s the equivalent of:

  • 34,000 hours of music
  • 2000 hours of video
  • 620,000 photos and,
  • Over 1000 hours of movies.

That’s quite an achievement considering this was the first time we ever attempted an all-user data cleanse.

To be honest, as a member organisation, we are very good at data protection and we have systems in place to ensure confidential data is stored securely and in the most appropriate place. But like many organisations, we have accumulated a lot of digital ‘stuff’ over the years.

Preparing for the GDPR was the perfect opportunity to change habits.

It was actually quite fun

Save it somewhere appropriate or delete it. Just don’t horde it. That was the message our senior management team took to their teams. And it was a message that worked well.

All that information that was once clogging up our IT systems has either been deleted or stored in a more appropriate place.

Getting involved

Lots of teams threw themselves into The Big Delete and made it a team effort. Our HR team rewarded their data cleansing efforts with a Really Big Del-eat buffet (nice play on words), the Nursing Department held a cake and delete session, East Midlands regional office held a team paper shredding event and the Legal team took a Doctor Who deep dive and baked a Cyberman cake – pictured below.

GDPR could have been a dry subject but in true RCN style we found the fun!

Changing the way we handle data

The Big Delete is also changing the way we work. We’re hearing many examples from teams who have been discussing their approach to data protection and making changes to safeguard the data we handle.

For example, we now have an organisation wide retention schedule that outlines what we need to keep and for how long, some team have disabled automatic suggestion of email addresses in Outlook to avoid sending emails to the wrong people and most importantly our shared drive is so much simpler to navigate now that we’ve cleaned up all the stale data.

Just when you thought it was safe to go back to your H drive…

GDPR could have been a very dry and dull subject to communicate but we’ve had a lot of fun thanks to The Big Delete. In fact, it was so successful that we’re doing it all over again with The Big Delete 2. This time we’re running a competition to find the best slogan based on a movie sequel.

So far we’ve had:

  • I Know What You Deleted Last Summer
  • The Big Delete 2: Electric Boogaloo
  • The ex-Files
  • Big Delete 2 ½: The Smell of Clear.

We also produced some additional guidance for our people – using simple animation and mobile phone videos. While I was given a budget I haven’t actually used it (except for the competition prize of cinema vouchers). There’s plenty of free tools out there. I’m a big fan of Canva and KineMaster because you can quickly create an image or video and get that out to your people instantaneously.

Make the dull sound fun

The Big Delete was all about very simple messaging to nudge behaviour. We wanted everyone to feel excited about GDPR and so all our communications had to feel fresh and lively with very clear messaging. Ultimately, we found the fun and that generate all the interest we needed.

I just found out that The Big Delete will now become an annual event. I’m already looking forward to adding it to our internal comms calendar!

Post author: Matt Batten.

Thank you Matt. Are you working on GDPR comms? I’ve published various articles on my blog to help you learn. See below for a round-up. I also recommend reading this article by Benjamin Ellis to understand Privacy and Electronic Communications Regulations (PECR).

Find out more about GDPR

If you’re looking for GDPR resources to help you, here’s what I’ve published to date:

Communicators share their top GDPR comms advice – thank you to the 46 comms pros who have offered their advice in the latest in my #ICVoices series.

Further reading on the All Things IC blog:

Resources to help you find out more about GDPR:

Where to get legal advice: free GDPR checklist

I am not a legal expert, however, I recommend contacting Suzanne Dibble, who is. I’ve bought the resources mentioned below to help me create my privacy policies, and recommend them.

There’s two options: a free checklist and a paid-for compliance pack.

Suzanne is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR.

The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations. Suzanne worked with Richard Branson at Virgin where she managed a group wide data protection project which resulted in Virgin nominating Suzanne for the Solicitor of the Year Award and subsequently Suzanne was runner up in this prestigious award.

She has published a free GDPR Checklist which guides you through what you need to know.

You can access it here: https://jz993.isrefer.com/go/gdprcl/RachelMiller.

Where to get legal advice: purchase a GDPR compliance pack

Suzanne has also created a GDPR Compliance Pack, which costs £197. She says: “My pack contains 20 legal document templates and checklists that you will need post GDPR, regardless of the size of your business.”

You can buy it here: https://jz993.isrefer.com/go/gdpr/RachelMiller.

It includes:

  • MODULE ONE: Email for refreshing consent GDPR compliant privacy policy, GDPR checklist inc processing checklist
  • MODULE TWO: Data processing inventory Legitimate Interests Assessment form, Data transfer checklist, Processor Agreement
  • MODULE THREE: Marketing checklist Records retention policy, DPO checklist
  • MODULE FOUR: Employer checklist Employee privacy statement
  • MODULE FIVE: Employee subject access request form, Response to employee subject access request
  • MODULE SIX: Cookie policy Subject access record
  • MODULE SEVEN: Data breach record, Data breach checklist, DPIA form, Data Retention Policy.

You can buy it here: https://jz993.isrefer.com/go/gdpr/RachelMiller.

Disclosure: This is an affiliate link. If you buy Suzanne’s pack as a result of visiting this link, I will receive a small commission for referring you to her services. 

First published on the All Things IC blog 21 May 2018.

FREE DOWNLOAD!
GET YOUR FREE DAILY PLANNER 
I've put together this free planner to help you plan your 
time more effectively

Enter your details below to receive your copy.
YES PLEASE
Close
JOIN THE ALL THINGS IC EMAIL LIST
Enter your email address below to get my monthly newsletter The Water Cooler, plus the latest IC news and updates.
YES PLEASE
Close
STAY UP TO DATE
JOIN THE ALL THINGS IC EMAIL LIST
Enter your email address to get my monthly The Water Cooler newsletter plus the latest internal comms updates.

As a thank you, you'll also receive a copy of my Channels Matrix
YES PLEASE
We collect, use and protect your data in line with our privacy policy
Close
Sign up for The Water Cooler to get the latest IC news direct to your inbox
Sign me up
close-image