GDPR Spreading The Word Internally
An important aspect of privacy compliance is spreading the word both internally and externally. Employees need to know that privacy-related policies and procedures exist in your organization, and they need to be instructed on their use. Customers also need to be informed about a company’s privacy practices, and be given the chance to ask questions. Good communication is essential for maintaining company transparency and is an important aspect of compliancy with data privacy laws, including the General Data Protection Regulation. While having written policies and procedures is the best starting place, getting the message out about privacy is a critical subsequent step in the process.
Creating a Communication Plan
Once good privacy policies and procedures have been developed, a plan must be put in place to communicate this information to everyone in the organization. Even a complete and well-written policy cannot be effective if the people in your organization have not been made aware of it.
Having a clear communication plan will ensure that everyone in the organization is properly informed. Your communication plan should have four different parts: who, why, what, and how.
First, you need to list who in your organization needs to be communicated with. Every member of your organization should be represented in some form. The list can be organized by individual employee, or by department or division.
Then, identify why each separate group of employees needs to be informed. This could be to meet a new legislative requirement, or to communicate changes to an existing policy.
Next, write out what exactly will be communicated with each group of employees, whether this is a new procedure, certificate, schedule, or announcement.
Finally, identify how this information will be communicated. There are many potential methods of internal communication, each with different benefits and drawbacks. The method you choose must be accessible to your audience.
In your communication, it is important to identify a person or office where questions and concerns can be referred.
Communication tools that can be used in the workplace:
- Display policies, procedures and rules pertaining to privacy practices in the organization
- Demonstrate the employer’s commitment to privacy through email updates
- Provide training events when required
- Provide feedback on privacy performance
- Provide specific instructions on how to work properly with personal data
- Meet to discuss privacy issues (e.g. risk assessments, incident reports, audits)
This is an excerpt from Velsoft’s latest softskills course, GDPR Readiness: Getting the Message Out.