The General Data Protection Regulation - an opportunity for change
The General Data Protection Regulation (also known as the GDPR), replaces the existing Data Protection Act of 1998 on 25th May 2018. In our experience, the introduction of new legislation can cause lots of concern and confusion, which can in turn limit information sharing, or programmes seeking to develop data sharing. This ultimately impacts on outcomes for public service users.
Our focus is on the improvement of public services through partnership working and improving information sharing between those partners, so we want public sector organisations to be clued up and in the know about the GDPR so they are confident in sharing information.
The changes which the GDPR bring, are predominately about firming up your data management practices (i.e. recording things more and bettering how you record them, improving the content of your privacy notices, and the way you ask people for consent), rather than a total overhaul of your systems and processes. For a full list of the legislative changes, visit the Information Commissioner's Office website, and you download their '12 steps to prepare for GDPR'.
Recently, one of our engagement managers, Imogen Heywood, took part in a live panel debate about the GDPR which was organised and hosted by UKAuthority (in partnership with Civica Digital) .
There was a broad depth of knowledge on the panel, which was made up of:
- Victoria Cetinkaya, senior policy officer at the Information Commissioner’s Office (ICO)
- Imogen Heywood, engagement lead at the Centre of Excellence for Information Sharing
- David Tidey, chief information officer of the London Boroughs of Wandsworth and Richmond and chair of the London CIO Council
- Chris Doutney, managing director, Civica Digital
You can watch the debate by clicking below:
Imogen has also recently been involved in a live webinar, along with our head of dissemination, Holly Bremner. This webinar was titled 'GDPR – an overview for public sector communicators' - and as the title suggests, was aimed at communications professionals who need to get to grips with the GDPR. If you're a comms professional who missed the webinar, you can catch up by clicking on the link below (this webinar was organised by Granicus, a cloud solutions provider for government).
A call to communicators everywhere – your sector needs you (and you can benefit too)
As a communicator, it can sometimes feel that a new area of legislation or revised law is just something you need to know about so you can support a department as they adapt to it, or create media lines for chief executives.
The General Data Protection Regulation (GDPR) is a little different, as it is a legislative change that will directly impact on communicators and your day to day tasks.
But, that’s not the only reason we’re reaching out to communications professionals. We also want to talk to you because we know that you are at the heart of any successful change programme, and that you have a key role to play in shaping the messages (to staff, leaders, and the public) about the role information sharing can play in improving services and creating better outcomes and experiences for people. A role that communicators can play not just through what you say, but also by what you do, especially with the personal data you hold and use to inform and engage the public.
Three golden GDPR opportunities for communicators:
1. Getting your own house in order
The GDPR uses much of the Data Protection Act (DPA) as a base and simply enhances and builds on it. So, if you already have a robust system in place for sharing information and managing data, you may not need to do anything drastically different to what you’re already doing.
You’ve probably got some personal data you’re responsible for, such as email addresses (for your mailing lists) and digital photographs of people (for use in everything from social media to newsletter articles). You should document what personal data you hold, and, if you don’t already have this documented, you will need to complete an information audit. The introduction of the GDPR might therefore help you make a business case for dedicating some of your resources to doing a thorough mailing list update/review or re-engagement with your audiences (which you’ve probably been meaning to do for ages anyway).
Use the time now to:
- double-check what processes you already have in place and look at whether you need to update any of these; and
- check if your records and marketing preferences are up to the slightly enhanced requirements of the GDPR.
There might be help from elsewhere in your organisation to do this, for example from your information manager or data protection lead.
2. Managing myths and fear
The media hype of huge fines around the GDPR may create barriers to information sharing. There is also lots of misunderstanding and myths surrounding the GDPR, and this can create fear. Fear is never a good starting place for change, there’s a real risk that people will stop sharing information, or just bury their head in the sand and not take the time to check if their data is in order ahead of the GDPR deadline (25 May 2018). This creates risks to your organisation, not just that you might find it hard to deliver services effectively, but also that you might create a culture which threatens your successful relationships and reputations with partners and the public.
Use the time now to:
- carry out some internal staff engagement to find out how much those in your organisation already know about the GDPR; and
- carry out an internal campaign to address these concerns and support your organisation-wide GDPR preparations.
3. Explain the benefits of information sharing to service users
Your average service user may not have given that much thought to how their information is used in the past. However, with the GDPR shining a light on a range of new and improved ‘information rights’, designed to give people more control and say about how their data is used, it’s likely that privacy and data protection will be rising in the public’s consciousness over the next few months, and you may find yourselves getting asked how you’re complying with the new regulations.
Use the time now to:
- proactively engage your audiences in a wider conversation, designed to build trust and explore the benefits of sharing their information with you - a short example of how sharing information has helped others could help you to demonstrate this; and
- use the conversation to say how you already manage service user’s data in line with their preferences - so they understand they are already benefiting from your services and this is an enhancement.
We’re here to help
We’ve tried to capture the key roles and opportunities which the GDPR is creating for communicators above, but this is just the start of a conversation, as we expect you’ll have further questions and queries in the months ahead. With this in mind, we’re using this opportunity to:
- Listen - we want to hear from local places what they’re doing to prepare for the GDPR and what, if anything they’re worried about, or finding difficult. As we can then use this to shape the support we offer, and inform our conversations with national partners, such as the Information Commissioner's Office.
- Support - we’ll be working with a range of national government departments and local places over the next few months to help identify and tackle cultural barriers to information sharing, and of course looking at the impact of the GDPR as part of this. If you’d be interested in working with us, please let us know.
- Inspire - we’ll be sharing our thoughts about the GDPR and our ambition to change the conversation (to a positive, benefits focused one) through our blogs, publications and events. We’d love to include real life examples in these, as we know these have the power to make a really big impact, so please contact us if you’d like us to help share your story, or even host a guest blog that you’d like to write on the topic.
If you'd like us to either listen to you, support you or inspire you or help you to inspire others, please get in touch by emailing us at; firstname.lastname@example.org
Also, visit our contact us page to sign up to our newsletter.
You can help too
We’re keen to help, but we also strongly believe in the power of peer support. So, as well as sharing your experiences and materials with us, please don’t forget to share them with each other. As by working together in this way, in your local partnerships, through your professional bodies, and across your peer networks, you’ll not only support each other but help to develop consistent messages that reach across place and organisational boundaries.