General Data Protection Regulation. GDPR. Doom and gloom. Is it “The end of the world as we know it”, “I predict a riot” or in fact “Let’s stay together”?
Having just attended the Chartered Institute of Public Relations Scotland’s very insightful GDPR seminar, I’m feeling a lot more positive about this thorny issue which is likely to be currently preying on the minds of almost everyone in business. In view of the 25 May deadline looming large later this week and the barrage of misinformation and confusion around GDPR, I thought I would share the key points that I took from this event.
The panel very helpfully featured a lawyer who focused on common sense application of the legal changes. As I am not a lawyer myself, my own observations of this event are not legal advice, but will hopefully be useful nonetheless to those of us currently ploughing through the minefield of GDPR.
Everyone reading this is likely to have been on the receiving end of a deluge of opt-in emails over the past few weeks, requesting permission to keep in contact. The panel helpfully highlighted that email consent is nothing new and indeed rules on this are different for consumers and businesses.
If you are in touch with individuals as consumers, the panel made it clear that different rules apply and the individuals’ consent is in fact required for your organisation to keep in touch with them. It is also important for the organisation to be clear on what sort of consent the individual has given, so replying to a competition with an email address doesn’t give blanket permission to bombard that individual.
The panel were very clear that politicians are considered as private individuals, so if you are communicating with them, it would be considered good practice to ensure you and your organisation have their consent to keep in touch.
Photography consent, particularly at large scale events, was raised by several delegates. The panel’s advice was to make it clear to event attendees – possibly through signage at the event – that photographs would be taken and images may be used at a later date. A belts-and-braces approach could be to include this information in any pre-event communications with delegates, which could allow people to opt out in advance.
As a business owner, I must admit that GDPR does seem a bit like using a sledge hammer to crack a nut. However, the panel emphasised that being able to demonstrate clear records, evidence of a willingness to comply, and having up-to-date systems will stand you in good stead. So maybe not so complicated after all, though time will tell.
- Julie McLauchlan, managing director at Perceptive Communicators