How the Royal College of Nursing is preparing for GDPR

How are you communicating the General Data Protection Regulation actions you need to take?

I’m thrilled to welcome Matthew Batten, Organisational Development Adviser at the Royal College of Nursing (RCN) to the All Things IC blog.

He’s kindly written a guest article to share what they’ve been doing ahead of the May 2018 deadline. Do you have a story to share? Do check out my guidelines and get in touch.

Jargon buster: GDPR is the General Data Protection Regulation, a piece of EU legislation that will supersede the Data Protection Act. On 25 May 2018, most processing of personal data by organisations will have to comply with the regulation.

GDPR aims to give people the power to say how their personal information is used, it also aims to keep data safer.

See the end of this article for a list of resources including article, toolkits, events and webinars to help you learn more about it. I’ve published various articles to date including: How a charity is preparing for GDPRHow Bristol Water is preparing for GDPR and Are you ready for GDPR and Shadow Comms?

RCN is the world’s largest union and professional body for nursing staff. Matt has worked at the RCN for 10 years and leads on employee engagement and the new starter onboard programme. You can follow him on Twitter @Matt_Batten1 or on Linkedin.

I’ll hand you over…

Finding the call to action with GDPR

To be honest, I’ve been involved in far sexier projects than GDPR in the 10 years I’ve worked at the Royal College of Nursing. How on earth do you make data protection sound interesting?

We all know GDPR is coming and we all know we need to do something about it. The challenge is finding that one thing that makes GDPR meaningful to our people.

Having assembled a project team to lead us towards GDPR nirvana, we set about running our GDPR engagement plan like a campaign.

And what do all successful campaigns need? One memorable and clear call to action.

Dear reader, allow me to introduce you to The Big Delete.

Would you let your house get as cluttered as your inbox?

That’s the question we asked our people when we launched The Big Delete – our first ever all-user digital clean up. Under the GDPR there needs to be a legitimate reason for storing data. Keeping something ‘just in case’ is not a good enough reason. And keeping copies of information in multiple places is also a no-no.

The Big Delete is about changing habits and creating an environment where personal information is stored in the most appropriate place and for no longer than is necessary.

So our ask was simple: put aside an hour of your time to detox your stale data.

One day. One hour. One big delete.

A strong call to action requires an equally strong image. We wanted something striking and with as few words as possible. It should be immediately obvious what The Big Delete is about. I had a lot of interest when I Tweeted the image so it seems to have done the trick. We’re very happy with how well our branding turned out.

Lead it. Delete it.

No internal campaign has ever been successful without ownership from the top which is why The Big Delete is being led by our senior management team. Lead it. Delete it. That’s the message to our senior managers.

We sent them a flyer for The Big Delete asking them to do two things: brief their teams about The Big Delete and make sure everyone puts an hour in the diary to take part (on 12 April 2018).

Love your data

Naturally, people feel nervous about the prospect of permanently deleting information. So leading up to The Big Delete we began producing a series of guides called Love your data, launched, predictably, on Valentine’s Day. These online guides give tips and actions to take in preparation for the GDPR.

They cover things like how to organise and delete your emails, guidance about personal and shared drives and most importantly, what information to keep and for how long, where it needs to be stored, what information we store centrally and what you can confidently get rid of.

Measuring success

The best thing about working with data is that it’s easy to measure. Our IT team can tell how much data we have stored on our systems right now and how much has been deleted after The Big Delete.

If I were a betting man I’d say the odds of us having a Big Delete totaliser were pretty high!

Trust us with your data

If there’s one message that we want our people to remember it’s this… keeping member, customer and employee personal data secure is not just a technical requirement – it has a direct impact on customer experience. They trust us with their data and we need to make sure we’re taking good care of their personal information.

It’s a simple enough reason backed up with a simple enough call to action. Who says you can’t make the GDPR interesting?

Post author: Matthew Batten.

Thank you Matt. Do please let us know how it goes on 12 April and I’ll update this article with your results.

How are you preparing for GDPR? If you’re looking for resources to help you, here’s what I’ve published to date:

Further reading on the All Things IC blog:

Resources to help you find out more about GDPR:

Where to get legal advice: free GDPR checklist

I am not a legal expert, however, I recommend contact Suzanne Dibble, who is. I’ve bought the resources mentioned below and recommend them. There’s two options: a free checklist and a paid-for compliance pack.

Suzanne is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR.

The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations. Suzanne worked with Richard Branson at Virgin where she managed a group wide data protection project which resulted in Virgin nominating Suzanne for the Solicitor of the Year Award and subsequently Suzanne was runner up in this prestigious award.

She has published a free GDPR Checklist which guides you through what you need to know.

You can access it here:

Where to get legal advice: purchase a GDPR compliance pack

Suzanne has also created a GDPR Compliance Pack, which costs £197. She says: “My pack contains 20 legal document templates and checklists that you will need post GDPR, regardless of the size of your business.”

You can buy it here:

It includes:

  • MODULE ONE: Email for refreshing consent GDPR compliant privacy policy, GDPR checklist inc processing checklist
  • MODULE TWO: Data processing inventory Legitimate Interests Assessment form, Data transfer checklist, Processor Agreement
  • MODULE THREE: Marketing checklist Records retention policy, DPO checklist
  • MODULE FOUR: Employer checklist Employee privacy statement
  • MODULE FIVE: Employee subject access request form, Response to employee subject access request
  • MODULE SIX: Cookie policy Subject access record
  • MODULE SEVEN: Data breach record, Data breach checklist, DPIA form, Data Retention Policy.

You can buy it here:

Disclosure: This is an affiliate link. If you buy Suzanne’s pack as a result of visiting this link, I will receive a small commission for referring you to her services. 

Want to learn about internal communication?

You’re welcome to join me at my upcoming All Things IC Masterclasses in London. See my website to discover what’s on and save your place.

First published on the All Things IC blog 27 March 2018.


  1. Liz Reynolds says:

    Thanks for sharing Matt. It’s a really clear employee-focused explanation and sounds like a great campaign. Good luck on the 12th.

Submit a comment

Your email address will not be published. Required fields are marked *

How can we help?

All Things IC helps practitioners around the globe increase their knowledge of internal communication.

There’s a variety of ways we can support you including trainingconsultancy and 1-2-1 support to boost your skills and confidence.

Or visit the shop to see everything we offer.

Who has hired All Things IC?

Clients say working with All Things IC leaves them feeling inspired, motivated, full of ideas and ready to turn plans into action.

We’re proud to have been invited to work with, and advise, some of the world’s leading brands.

Get in touch...

Would you like to work with All Things IC? Do get in touch below. Please note we only accept guest post ideas from in-house IC pros who have read the blogging guidelines.

Asking for advertising, back links or pitching services? We do not offer these and will not reply. Thank you.