GDPR is in force in a couple of months. It’s all over the news that it requires a great amount of arrangements, the deadline is too tight and everyone will face data loss sooner or later. Still, I do believe GDPR is not a threat primarily but a huge opportunity especially from the perspective of the communications industry.
It was a brave and progressive step of the European Union to initiate the modernization of data protection. On the one hand, it is one of those few spectacular regulations which are going to be standardized in each member state. On the other hand, it tackles the crucial issue of how firms, governmental institutions and NGOs manage the data of private individuals. What is all this about?
- reinforced trust towards stakeholders
- transparent operations
- aware and reliable use of technology
What are these if not the underlying principles of good PR driven operations? At least we PR professionals should recognize the opportunity to become effective advisors for our boards again. Since this whole GDPR issue is about building and maintaining reputation: how much we are relied upon by those who we deal with.
As a strategic advisor and leader of a firm and various professional trade associations which manage data, I had to face the fact that this regulation entails highly complicated tasks. For example, an employee asked to remove every relevant article and photo in the internal communication magazine after she had resigned from the company…; Or the question can arise: which services can a company promote for those who signed up for a newsletter on a promotional landing page of one specific product? A further issue is this: to what extent and according to what kind of regulations can an IT contractor, an external event manager (so any third party) and an in-house HR or sales person see online invitations and registrations for a certain company event? Consequently, I think we have two challenges ahead from the point of view of communication:
- The GDPR of communication: these are activities in which as communication professionals we deal with private data (newsletters, lists of media contacts, guests, micro-targeted campaigns). Here it is our responsibility to make sure that data collection and management are adequate both in technical and legal terms and our colleagues and contractors are also aware of them.
- The communication of GDPR: it is just the opposite. The regulation of data protection is handled by lawyers and security is the responsibility of IT guys. There are employees who deal with data anyway (HR and sales people); nevertheless, it is the stakeholders who need to be aware of what the given firm thinks about data protection and how it tackles the data of its employees, partners and clients.
And here comes the strategic role of PR, as for GDPR we have the chance to:
- Educate: What is data protection, why is it important for us, what do we do as a company and what do we expect from our colleagues? The basic principle is to manage the data of others the way we would manage ours.
- Involve: Everyone should participate based on his or her responsibility in the system. In a supportive environment, problems can be anticipated, helpful suggestions can be accepted and parties can be informed about plans more easily.
- Manage crisis: As the saying goes, “there are two kinds of companies: one in which there has been data loss and one in which there will be.” Just think about the current scandal of Intel… when practically each and every computer is so vulnerable that you cannot do anything against it. According to GDPR, there is one compulsory thing to do in this case: incident management within 72 hours. One further nice opportunity is honest communication because it always pays off.
Based on all this, we can see that there is a big challenge to align the work of various different organisational units such as legal, IT, HR and communication (from the perspective of GDPR). For instance, our consultancy developed a 360 degree training program in which we present and discuss from which professional fields and for what kind of tasks experts will need to be involved in such a process. (Therefore, IT and legal professionals will also contribute to our trainings.)
Ardi Kolah’s article in Influence magazine (Q4, 2017) lists this one in Point 6: it’s time to do branding for us and our clients as well as to develop corporate and employer reputation. We need to see that GDPR presents a challenge for public relations both in its name and its spirit.
Be brave to pioneer the process: building trust, reinforcing transparency and involving technology are all in the interest of PR. We will need all this without a deadline: it is our duty both before and after 25 May 2018.
Andras Sztaniszlav started his career as a journalist, then worked for the Prime Minister’s Office in Hungary as a communications advisor. In 2005, he co-founded his PR consultancy, PersonaR which provides strategic counsel to corporations on reputation and stakeholder management, sustainability, measurement, internal and crisis communication.