GDPR Compliance: Everything Communicators Need to Know

Last week I put together a GDPR checklist and resource guide for communicators to use with GDPR compliance.

After publishing about this very important data privacy and protection regulation,  I learned two things.

The majority of communicators either:

1. Don’t know what GDPR is; or
2. They don’t think it will affect them or their clients.

While the legal speak of regulations such as GDPR might not be our industry’s first language, as modern communications pros it’s part of our job to change that.

Data privacy and protection ARE inseparable parts of communication today. And like it or not, we need to take responsibility to both understand and guide/advise our organization and clients.

For that reason, if you are a communicator GDPR affects you.

Even if you are an American.

Even if you only work with American clients.

And even if your organization(s) only work with American customers or vendors.

Do you see the trend here?

Today you’ll find out why.

I Have Friends in GDPR Complaint Places

Writing the GDPR checklist answered a lot of questions for me about the regulation.

(Spoiler alert: I often write articles about stuff I need to learn more about and you all get to come along for the ride.)

But it also left me with a lot of questions.

About mid-way through last week’s article, I emailed my go-to compliance guru, Tom Fox

(Do you have a go-to compliance guru? I bet you don’t. I’m kind of a big deal.)

I asked Tom if I could interview him for a follow-up article, answering some of my additional questions.

Being the overachiever he is, he not only agreed, he somehow bribed Jonathan Armstrong, considered one of the top GDPR compliance experts, to join the fun.

GDPR Compliance Questions

Here’s what I asked these two super smart gentlemen:

• What are the top three areas where most businesses’ data protocols are currently not GDPR compliant?
• Communicators deal with databases and email lists a lot. If they already have residents of the EU in their database, do they need to get them to re-opt-in, in order to be GDPR compliant?
• Are communications agency owners liable if they are in charge of their client’s email lists or databases, and those databases aren’t GDPR compliant?
• Article 5 says only data needed for the consented exchange is collected. Theoretically, to sign-up to download an eBook the only info really needed is an email address. Often in situations like this, we will collect additional demographic, interest, or industry information in order to create segment lists and further communicate (with content or offers specific to them). Is that no longer OK?
• Along those same lines, if they sign-up to download an eBook and then a few months later we send them a blog post they might be interested or something else, is that against GDPR? How specific do we need to be upon sign-up about anything we might send them in the future?
• Article 5 also says we can only keep the data for the amount of time needed. What type of timelines or guidelines should we use to know how long is too long to keep an email?
• How would you respond to Americans who think the GDPR won’t affect them?
• Anything else communicators should know?

GDPR Compliance Resources

We mention a lot of GDPR compliance resources during the interview.

You can find them here:

• Jonathan’s awesome GDPR compliance FAQs and GDPR Navigator.
• Tom’s article on GDPR compliance policies and procedures. 
• Their entire countdown to GDPR podcast series.  
• FlyBe and Honda case studies mentioned.
• Data Protection Impact Assessments.

Key GDPR Compliance Takeaways

Please watch this video. Please. It will clear up a lot of your questions and give you a ton to think about.

You’ll learn a lot about GDPR compliance and data privacy and protection. But the key takeaways should give you a lot to think about as far as how you use data as part of your communications strategy.

GDPR is an opportunity to make sure you, your organization, and/or your clients use data in a strategic and effective way.

No tactic in absence of a strategy is effective. And more data isn’t necessarily better.

GDPR compliance forces smart communications. It’s good for our industry and it’s good for your communications strategy.

What if You Ignore GDPR Compliance?

Now you can decide to take your risks, not change your data, not update your lists, and ignore GDPR altogether.

You might go under the radar and not get fined. But that doesn’t mean that ignoring GDPR won’t hurt you.

Whatever bar Facebook sets when it comes to GDPR will affect everyone in the social media space. And right now it appears Facebook plans to extend all GDPR protections worldwide.

If you plan to enter into any data exchange with Facebook they will have to make sure your data complies with GDPR, as well.

(Facebook is liable for your data as a third-party, just as you are liable for the data of any of our third-party vendors. Tom explains this in our interview.)

The same holds true for any business worldwide you want to work with. When you aren’t GDPR compliant, you become a liability.

Do you want your organization to be seen as a liability?

As a communicator, you are also a liability if you don’t understand the rules.

Do you want to be a liability?

GDPR is about effective modern communication. It aligns, not hinders, your communications and business goals.

If you have further questions after watching this, let us know and we’ll get Tom and Jonathan to help!

About Laura Petrolino

Laura Petrolino is chief marketing officer for Spin Sucks, an integrated marketing communications firm that provides strategic counsel and professional development for in-house and agency communications teams. She is a weekly contributor for their award-winning blog of the same name. Spin Sucks. Join the Spin Sucks   community.

• View all posts by Laura Petrolino →
• Blog
• Twitter