Europe’s GDPR Regulation Could Mean a Crisis Comms Waking Nightmare

If a butterfly flaps its wings it can cause a typhoon on the other side of the globe. So says chaos theory’s famous butterfly effect concept, designed to illustrate that one small change can change everything. Thanks to ever increasing globalization, we’re susceptible here in the U.S. to the flapping wings of legislators all over the world, nowhere more than our largest trading partner, the European Union.

Given some of the gargantuan changes to data collection and usage mandated by the EU’s now agreed General Data Protection Regulation (GDPR), any company marketing to European consumers has had to sit up and take note. While some attention has been paid to the impact on data management and direct marketing pros, the regulation has some provisions that will keep Directors of Communications and PR departments up at night (literally).

Most tellingly, companies will need to inform regulators in Europe within 72 hours of any data breach that will “result in risk to individuals’ rights and freedoms.” If you think about commonly stolen info during hacks (credit card details, usernames and passwords, personal identifiers), you can see that many data breaches will fall under the 72 hour stipulation. And it’s not just a compliance issue, where it involves high risk to your customers; they too have to be informed within this timeframe.

Given that hackers are waltzing past many company’s cyber defenses with astounding nonchalance, losing customer data is an eventuality that PR teams need to prepare for and even expect.  Informing customers of a data breach means informing the media, amplifying the damage. Having a crisis comms plan in place for a data breach is good practice anyway, and many companies have this on file. However, having a plan that is executable within 72 hours and empowers the U.S. based team members at HQ to work closely with teams and advisers in Europe is a very different kettle of fish.

The accelerated timeline will squeeze the process of collaboration significantly. Drafting press releases, media Q&As, holding lines and messaging documents needs to be done at breakneck speed, an alarming prospect given the damage that can be caused, both to company and career, in getting it wrong.

Careful scenario planning in advance is key to tackling transatlantic crises within this tight window. Drafting materials to meet these scenarios can reduce the difficulties of doing so live, and not just from a time crunch point of view. When the sh*t hits the fan and the adrenaline is pumping, it can be more difficult to pick holes in your messaging and consider how the tone of communications will be received.

It’s not just about the wording, however. A timeline that incorporates each process and a clear delineation of responsibility for all decision makers is also highly necessary – time to get busy with Powerpoint’s flow chart functionality!

We work in such a reactive profession at times, and a frenetically busy one at that. So advanced planning isn’t exactly easy to squeeze onto the to-do-list. In the event of a data breach affecting European customers, however, corporate comms teams should expect a very long three days if they aren’t well prepared. Advanced crisis planning can significantly improve the response and reduce the associated stress. With a little under two years to go until the legislation comes into force, it’s worth beginning that effort now.

Dominic Weeks
Vice President

Download our new whitepaper, HEALTH INSURANCE MARKET RIPE FOR DISRUPTION

Posted on April 14, 2016 in Crisis Communications

Share the Story

About the Author

With over a decade of PR agency experience, split evenly across both sides of the Atlantic, Dominic has extensive experience building award-winning PR programs for clients. As Vice President, he offers strategic positioning and creative campaign recommendations that help companies increase brand awareness and drive action among their target audiences.

Specializing in technology, security and financial services accounts in both the B2B and B2C realms, he has a proven track record of driving successful campaigns for clients from blue chip corporations to start-ups. Dominic has also been responsible for expanding SHIFT’s international network over the last three years, building relationships with some of the world’s best independent agencies.

Prior to joining SHIFT, Dominic was a member of the team at London-based corporate communications agency Fishburn Hedges. He holds a Bachelor of Arts in English from the University of Oxford.

You can follow Dominic on Twitter @DominicWeeks

  • JJGilheany

    DominicWeeks good piece. Think it’s a massive issue that some companies functionally don’t know if anything has slipped after two days.

Back to Top
Subscribe to SHIFT Happens!

Subscribe to SHIFT Happens!

Want fresh PR and earned media news delivered to your inbox? Sign up for the SHIFT HAPPENS newsletter!

You have Successfully Subscribed!