Is GDPR an opportunity or a concern?

GDP what?

GDPR stands for the General Data Protection Regulation. It is a new European legislation that is designed to harmonise data protection rules across Europe, creating consistency in how organisations must deal with personal data. In the Netherlands, our existing data protection law is quite strong, but in some other European countries it was relatively weak. GDPR creates a ‘level playing field’ across Europe.

In essence, GDPR is all about getting organisations to give due respect to the personal data that they process. It’s not about stopping companies from processing personal data, but ensuring it is looked after properly, kept accurate and not abused. By creating a clear set of rules across Europe, the hope is that this will help organisations provide better products and services and add value to the economy, without breaching the rights of individuals.

How GDPR affects PR

If you think GDPR is strictly related to PR (since it is in the name), you are wrong. GDPR is a legislation that affects all organizations, regardless of what industry they are in. Everyone needs to be aware of what it entails, how it affects them and how you can prepare for it. However it is interesting to see what effect it has on public relations.

There are a few areas within GDPR that have a direct influence on PR, namely Accountability, Transparency and Consent.

Accountability

There is no doubt that GDPR affects how organizations collect, process and transfer personal data. It is important that organizations not only comply with GDPR, but also demonstrate this compliance. This means creating a culture in which all relevant elements of the organization comply to the GDPR, including a good awareness about this within the whole team.

Transparency

Being transparent about how you cope with data is another aspect that is important, but the first step here is knowing what personal data you store, why you store this, what you do with it, where you store it and who it is stored by. Is this data that you really need to store? The more information you store, the bigger the risk. So make a good evaluation of what information you need to store and how to make sure you keep this safe.

Consent

And last, but not least: Consent. The aspect that got at least a lot of Sales and Marketing people to freak out, because they were afraid that they could not do their job the same way they were doing it before. Well...that is maybe not completely true, however, the fines that could be associated with not being compliant can really make you nervous.

All aspects mentioned are directly related to Sales and Marketing, but they also affect PR professionals directly. Think about sending press releases unsolicited to journalists. That is not an option anymore after 25 May. From the moment GDPR is being applied, you will need to start with a personal e-mail to the journalist that you contact for the first time in which you ask if you can send them press releases in the future. The journalists that you want to add to your press list, can only be added if they have given their consent.

Outsource Communications also has 5 more GDPR tips for PR:

1. A PR database is more than a press list: You should be open about the data you store and use, and why? If a journalist wants to inspect the data, you should be able to deliver it in a readable format. And perhaps even more important if someone wants to be removed from the database, you need to fully remove their data from your database.
2. Choose your PR tools with care: When you send out press releases yourself or use an external tool, the responsibility still lies with you as a sender. You have to know what data is collected, where and how it is stored and when it is removed.
3. Do not pass on press lists: The data in your system remains the property of the journalists. This means you may not pass on information on to customers, partners or other parties without the journalist's express consent.
4. Limit your press list: Of course, it is a good idea to send releases only to the journalists for whom they are relevant. However, from now on you must keep your press list even more up to date and be more selective about the people who receive each press release. This prevents journalists filling in complaints because they feel harassed.
5. Protect your PR infrastructure: All systems on which journalist's data are collected, processed, or stored should be made as secure as possible.

PressPage & GDPR

As of May 25, 2018, every company doing business in Europe will need to be GDPR compliant. Although it is fast approaching, organisations still have time to work on their compliance.

The PressPage platform is also affected by GDPR, and so we have been busy on ensuring it’s alignment with the new regulations. It is key for us to ensure our clients are GDPR compliant when using our services. For this we are doing numerous things, like:

Ensuring all personal data in the PressPage Mail databases is encrypted at rest and in transit.

Making sure that the right processor agreements are in place so that all transparency with regards to the processing of personal data is provided.

We have also worked hard on updating protocols and procedures surrounding PressPage’s GDPR readiness.

And finally, we have had multiple internal meetings and have enabled our team to be fully aware of the implications of GDPR.

So... what now?

In general, many fear the implications of GDPR. There are many aspects that an organisation needs to address, which inevitably means more work.

Christa Hemelaar’s, PressPage’s Marketing Manager, the first reaction was certainly not one of joy when hearing about GDPR. Sales and marketing tend to look at GDPR as a restraint on how they go about their business, especially when considering than non-compliance can lead to fines.

However, after studying the regulations and understanding its reasoning, she did conclude it could have some positive effects. Christa indicates that “on the other hand, the ones that provide consent should be seen as a very relevant audience for us and will only receive the information that is relevant to them.”

Christa’s view is concluded by the social impact GDPR will hopefully have in light of recent data and privacy breaches. When keeping the recent Facebook leaks in mind, Christa believes this law comes at a perfect time to ensure that the privacy of individuals is protected in our society; in her view a plus for both sides.