In recent months, you may have noticed that many of the websites you visit are asking you to acknowledge their updated privacy policies. You can thank GDPR for that. The GDPR — which stands for General Data Protection Regulation — calls for stronger data protection rights for people in the European Union and officially comes into effect on May 25. This is why companies that do business in the EU have been updating their policies to be compliant. The overall goal of the regulation is to give people a say in how their data is used, while creating stricter guidelines for how companies collect, store, and use their information.
While GDPR has the biggest impact on companies with customers and employees in the EU, the regulation has plenty of implications for HR and communications professionals here in the US. Any company that touches EU citizens’ personal data is affected, regardless of where the company is actually located. And even if you don’t have employees in the EU today, chances are that you want to take a closer look at your company’s policies for collecting, using, and processing your employees’ data.
Under the new regulation, companies must specify exactly what personal data they plan to collect from employees, and then secure explicit consent from employees to use that data. What’s more, all privacy notices must be “concise, transparent, intelligible and easily accessible.” So, while it may be the responsibility of your IT, HR, and legal teams to review and update policies, communicators have an obvious role to play. We can review and update policies to ensure they are written in a way that is easily accessible and understandable at all levels of the organization. GDPR aside, that’s a good practice.
GDPR is just the first step in what many expect to be a major shift in data protection regulation in years to come. So even if your organization isn’t enacting any immediate changes, it’s a good time to begin considering how this type of regulation can affect the way you communicate with your people and track and measure those communications. To learn more about the topic, here’s a round-up of articles about what this latest regulation means for HR and internal communicators:
- From SHRM: An overview of 3 key compliance steps contained in GDPR, and a very helpful Q&A
- From Silicon Republic: An excellent summary of which policies/documents should be reviewed in light of GDPR
- From Poppulo: A round-up of practical recommendations for how to update your employee communications (especially targeted emails) to adhere to GDPR
- From global law firm Cooley: A comprehensive guide for employers