GDPR : Are you ready in case of a data breach crisis?
It's all about Reputation Management! GDPR is first and foremost about Reputation Management. GDPR has indeed 4 main implications in terms of communication that should not be underestimated:
1. First you will need to report within 72 hours every "data breach" to the regulators and, in some cases, to the affected people. This is a huge change as, in the past, many organizations chose not to report hacks in the hope that the problem would blow over. Reporting is not an option anymore and having a crisis communication plan in place in case of a data breach is a must. Careful scenario planning (including a risk assessment of the types of data processed and the types of stakeholders impacted), drafting materials to meet these scenarii (press releases, media Q&As, holding lines) and a clear line of responsibility defined in advance are key to tackling data breach crises within this tight window. 2. All GDPR information and policies can no longer be written in legal jargon but must be in “clear and plain language” to ensure transparency to the EU customers. Do rely on the writing skills of your communication specialists to ensure efficiency in this process. 3. Sensitive data - like gender, religion, ethnicity, health, etc. - is becoming very sensitive. It is essential for your internal communication team to create a GDPR-proof data culture in which people understand that privacy is a thing, and that any information they keep about stakeholders can be accessed and scrutinized. 4. Your corporate communication department itself needs to be GDPR compliant (especially in relation to storing and processing stakeholder information which is the case if you are sending a newsletter for example). So, a word to the Wise!