Olive Fogarty is one of our board directors and well-versed in all things sales, marketing and business development. In this post, she talks about how we’re getting ready for GDPR and offers tips on how you can do the same.
There isn’t a day that goes by when I don’t get notifications of conferences, white papers or articles on the subject of the GDPR (General Data Protection Regulation). The new EU-wide data rules take effect from 25th May 2018 and all this media attention and information can seem overwhelming at times, especially for small and medium-sized companies. So, as an SME owner and director, I thought it might be useful to share our approach to becoming GDPR-compliant, and I promise it’s reassuringly straightforward.
As Ireland’s largest, best loved and most trusted parenting community, eumom has always valued and protected our members and that applies to their personal data too. Now it’s fair to say that we weren’t new to the area of data or data protection but the reality of having over 200,000 active members and distributing more than 2 million pieces of communication each month meant that it was MISSION CRITICAL that our infrastructure, processes and policies were fully compliant with GDPR. Plus it’s worth mentioning that while eumom is a community brand with a big heart, it’s a surprisingly lean operation so we had to be smart in our approach.
We began with a firm commitment from the board and the establishment of a director-led project team. In our case, it included a representative from marketing, member relations & communications, office administration/HR and our database manager. We also worked with an external Data Protection advisor to help answer specific queries and to rubber-stamp our approach.
As a process, we used a number of the very helpful guides from the Data Protection Commissioner. The process began with a series of questions about what, why, how and where we keep data:
— Identify all personal data that we currently hold, including staff, freelancers, writers, etc.
— Review our privacy policies and how they are communicated
— Review our data procedures
— Check our member consent options, and evaluate if they meet the standards of the GDPR
— Confirm if and how we process children’s data
— Review our procedure for reporting any data breaches
— Scope a process for responding to data requests and what information would need to be included in those responses
The first couple of project meetings were more like workshops as we mapped our current processes, identified any gaps and highlighted any significant issues. We also used this stage to raise any technical/legal queries with our data advisor, such as who’s the Data Controller for our very active & engaged eumom Facebook community. (The answer is Facebook by the way.)
From our very first meeting, we created a project log to record and track our actions and updated it at each meeting. GDPR was also added as a fixed item to our board agenda so that progress could be reviewed regularly.
Now as part of Zahra Media Group (the eumom GDPR project team began before our merger), we are applying the same system to the whole organisation and share the same commitment to ensuring full compliance.
It’s not too late to prepare for GDPR and it’s certainly not an option to ignore it. It does require senior support, time from various members of staff and a good project leader but there are loads of resources available to help organisations make the adjustment.