In a recent case, France’s personal data protection agency CNIL fined US firm Monsanto 400,000 euros for a GDPR violation. The company had compiled personal data files of politicians, journalists, activists, and scientists seen as being influential in the debate over glyphosate use in Europe.
While compiling stakeholder lists is not in itself illegal, it is strictly regulated by the EU’s General Data Protection Regulation (GDPR). Any data collected should be strictly limited to the public professional information of stakeholders who are in the position of a policymaker. As participants in the public discussion on policy issues, these stakeholders can reasonably expect to be included based on their role and its relevance to public policy advocates.
However, people come and go. Once the stakeholders are no longer acting in a public position, their data should be removed from any listings. Note that GDPR applies to all records, whether paper or digital, ranging from databases to Excel sheets.
What does this mean for most companies and organisations engaged in advocacy work?
All contact lists and databases must be regularly checked for GDPR compliance. This can be a tedious and time-consuming task. And yet, despite best efforts, there can still be that one forgotten, outdated, and potentially very noncompliant stakeholder list that no one remembers.
So what are the best practices to cover your organisation from such risks?
Luckily, there are practices that minimize the risk of a GDPR breach significantly.
Invest in proper tools
Instead of trusting any manual data inspection routines, it’s far better to utilise tools such as Lobster to help you and your team stay on top of the situation, with minimal effort.
Keep all stakeholder data in one location
With Lobster, your team keeps all stakeholder information in one clear location that the whole organisation uses. Lobster’s data is always up to date as we automatically track and meticulously update all the stakeholders in our database. This not only saves your team a great deal of valuable time but, most importantly, removes the need to keep any potentially risky shadow listings in any format, paper or digital, elsewhere.
Get automatic notifications of changes
When a stakeholder in your organisation’s Lobster moves to another, nonpublic position, we notify you immediately. This means you can easily review the data you have to see if there are grounds for keeping it any longer.
Make responding to GDPR requests easy
On behalf of Lobster, we regularly notify all stakeholders in Lobster’s data, providing them an opportunity to inspect it. However, eventually, the day will arrive when a stakeholder in your database sends your organisation a GDPR request. When all your advocacy work is documented in Lobster, providing a GDPR report takes just one click and literally just seconds.
Review your stakeholders regularly
What about stakeholders that are important to your organisation, but not part of Lobster’s data? Adding any relevant stakeholders to your advocacy project in Lobster is simple. However, as this data is only visible to your organisation, we recommend reviewing these stakeholder profiles twice annually. Though this requires some effort from your team, Lobster provides one-click filtering for this task. This means that the review can be completed in the easiest possible way.
Train your team on GDPR
Finally, and most importantly, train your team on GDPR and how it applies to public policymakers. Though having great tools helps a great deal, having an informed and vigilant team is the best policy.
Lobster is a lobbying tool developed by lobbyists for public affairs teams. Alongside Lobster’s tools, we provide our clients with an extensive stakeholder database for identifying key decision-makers in the EU, Finland, Sweden, and Norway.