Responsibility for GDPR lies with the Information Commissioner's Office (ICO). In 2017, with the arrival of GDPR looming, the ICO approached Squad with a brief to tackle the public information campaign for the new regulations.

The approach to media used by the campaign needed to be different to conventional campaigns. From the ICO's initial consultations with representatives from the public and private sector, it was clear that the public was facing an inundation of communication from organisations about GDPR. As an independent regulator with only a small budget and a mandate to invest public funds effectively, the ICO observed that it would be better to work with these organisations rather than conduct a separate campaign. If they could be persuaded to use the ICO's materials, it would ensure that a consistent message reached the public.

Alongside the ICO, Squad led a group of representatives who would help inform the development of the campaign. We facilitated a number of workshops with these stakeholders, with the initial focus being the message for the campaign. Research used to inform the discussions showed that the public had low levels of trust and confidence in the way that companies and organisations stored and used their personal information. The ICO had a goal to increase trust and confidence, which it turned out was crucial to other organisations too. Many of them rely on personal data for their activities, from conducting credit checks to administering loyalty cards. It was vital to them that the public trusted them with their data.

The debate required reframing. It needed to move away from the few negative stories about data and towards the many positive ways in which personal information benefits people every day. We decided to focus on how data matters to people, from improved healthcare to travel updates. The flip side of this is that data also matters to the organisations that use it. The new regulations were an opportunity to show how much privacy matters to the majority of organisations and the steps they take to protect people's data, with the ultimate aim of increasing trust and confidence.

'Your data matters' was developed as the strapline for the campaign and work on a logo began. The final design was inspired by the familiar 'on/off' toggle switches commonly used on digital interfaces, to represent giving people greater control over their data.

For the communications campaign, a family of characters were produced. Illustrated with fingerprints for heads to represent personal data, they made for a distinctive and recognisable campaign. The family included multiple generations, providing a full set of characters to act out the many ways in which data matters in the modern world. The new rights that people have as a result of GDPR are complex, so putting these regulations in the context of real-life scenarios was vital. The 'fingerprint-head' characters provided the perfect vehicle for acting out these situations.

We developed a full suite of off-the-shelf communications materials for organisations to use, including video, advertising, social content and literature. For those wanting to communicate the rights to their customers, this eased the burden of having to create their own materials and ensured that a coherent message - 'your data matters' - was communicated to the public.

“GDPR represents an evolution in the UK’s data protection laws. This is happening against a backdrop of huge public interest in privacy, following controversial stories in the media about how organisations are using personal data in ways that many would not expect or know about. This campaign allows us to present a consistent message about the new rights and ensure they are seen as a force for good as part of the continued move towards a digital economy.”

Robert Parker – Head of Communications, ICO