By: Elizabeth Coffey, Marketing G2 Digital Marketing Specialist

Worried about how your news organization is going to get it together for the GDPR (General Data Protection Regulation) that’s going to go into effect in May of 2018?

The GDPR is a set of rules set forth by the European Union (EU) designed to protect consumers from aggressive data mining and questionable marketing practices. If you collect and store data on EU citizens or operate within the EU, the GDPR applies to your news organization. Under the GDPR, you must get explicit permission from EU citizens to mine, store, and use their data or you could face some pretty hefty fines that’ll take a huge chunk out of your yearly revenue.

The best way to make sure you’re compliant is to start preparing early. Below are some tips and tricks you can use to get your news outlet up to speed.

1. Promote awareness on all organizational levels – Make it your personal responsibility to spread awareness of the GDPR internally across all departments. Do not assume that everyone is up-to-date on the latest GDPR news and is actively preparing for it.


2. Look through all of your stored data – Go through and document all of your data determining where the data came from, why you store it, and if you really need to store it.


3. Purge – Get rid of any unnecessary or unused data that you may be keeping.


4. Build a GDPR responsibility framework – Create an organizational chart detailing who is responsible for what when it comes to the GDPR. Make sure that those responsible for GDPR compliance receive the training they need to perform the new GDPR data processing aspects of their job. Also, make sure that all employees know what to look out for in order to avoid a data breach.


5. Update your policies and procedures regarding data security - Revise and update your data policies and procedures taking the time necessary to make sure they’re easily accessible and understandable to employees of all skill sets.


6. Fully commit to the GDPR and make it a part of your daily work routine –Embrace data security and make it an integral part of your newsroom and news business’ corporate culture. Your employees need to ask themselves if they are allowed to access certain data, why they need it, and if they have to inform anyone that they’re processing it.


7. Prepare for possible data breaches - Under the GDPR, data breach fines are enormous. The EU can fine you up to 20 million euros or up to 4% of your global revenue. Create documentation that details how your news organization will identify data breaches, fix the breach, and inform all those affected within the timespan that the GDPR defines (currently it’s 72 hours). Make sure your corporate insurance policies have been updated to cover the fines should they occur.


8. Be aware of other people’s rights and be prepared to be challenged on your data collection procedures and policies - Remember that the onus is on you and your news organization to show why you mine, store, and process data and how you are insuring its safety. Be prepared to be challenged on the way you and your organization is handling people’s personal data. Remember that a reader/website user can request access to the data that you have on him or her under the new regulation.


9. Note parental consent requirements - Children under the age of 16 may need parental consent for you to access and retain their data depending on what country they’re in. For children under the age of 13, parental consent is required.


10. Consult with legal experts - If you’re still unsure as to whether or not your news organization is GDPR compliant, consult with legal and data experts.

What are you doing to prepare for the EU’s new set of data laws?