As a PR professional, you have likely heard of the General Data Protection Regulation (GDPR), which is the EU’s regulation for protection of personal data of EU residents. GDPR is a comprehensive set of laws passed in May, 2018 that affect EU businesses but also businesses outside of the EU that “control” or “process” EU residents’ data.
If you are a PR pro that pitches reporters or influencers in the UK, France, Germany or anywhere else in the EU – GDPR applies to you. This is because pitching a reporter, and even possessing her personal data (such as email, phone, etc.), fall under the categories of “control and processing.”
Even if your pitches to EU-based reporters are infrequent, you avoid “spray and pray,” and you target reporters smartly, GDPR compliance is required.
Since the GDPR text is 261 pages long – with 11 chapters, 99 articles and 173 recitals – we have decided to break down for you some of the essential requirements and challenges affecting PR teams.
Giving reporters the ability to “opt out” of receiving pitches
You are required to give journalists the ability to opt out of receiving pitches in the future. As it says in Article 7, “the data subject shall have the right to withdraw his or her consent at any time.” This can be tricky for PR teams, which may have dozens or even hundreds of media lists where John (a journalist at Travel Today Magazine) and his contact info exists. If John is on all of these different lists across teams and offices, how can you be sure that everyone will know not to pitch him? Having a centralized PR CRM, where all of your contacts live in a single database, is critical to being able to track and control opt-outs.
Tracking why you have the right to pitch each journalist
According to GDPR, you need to have a legal reason to pitch each reporter, and you need to keep track of what the reason is for each reporter. Some of these include “consent,” which means John opted in (he has told you before that he would like to receive pitches from you), or “legitimate interests” (e.g. John writes about travel and/or Travel Today Magazine focuses on travel, and you are pitching him a travel-related story).
Providing a reporter with an export of his personal data that you have
If John asks to see what personal data you have about him, you must provide him with a copy. If contact info or other personal data about John is inconsistent between media lists across your firm, because you have a new travel media list that is accurate and an old travel media list that isn’t, you would have to mine through all of these media lists to make sure you share with John all of the personal data you have on him.
Modifying or deleting a journalist’s personal data across all media lists
If John requests that you modify his phone number, email or any other piece of personal data, you must modify it across your whole firm. Similarly, if he requests that you delete his data, you must do a GDPR-compliant permanent delete of all of his personal data.
To request a demo of Propel, the first PR software with GDPR features that make it easy to comply with all of the requirements above, click here.