Tuesday 10 Oct 2017

PR and GDPR: Should we be worried?

PR and GDPR: Should we be worried?: GDPR - Are you on the right track

In May 2018 the General Data Protection Regulation (GDPR) will come into our lives. The rules will completely disrupt the way that businesses manage their data, forcing some companies to drastically overhaul their processes. PRgloo is the PR software provider to the Information Commissioners Office (ICO) - so we love to chat about GDPR. Here are a few insights which we think you might find useful. 

What is GDPR?

The General Data Protection Regulation adds clarity, an additional ‘accountability’ aspect and some stricter enforcement rules to the Data Protection Act. It comes into force on 25th of May 2018.

Who does it apply to?

The GDPR applies to ‘controllers’ and ‘processors’ or in layman’s terms anyone who stores information about people (such as journalists, stakeholders, customers or members of the public).

How does it apply to Comms?

Communication teams store information on journalists, stakeholders and often members of the public. This information (name, email, phone, bio, address etc) all comes under the remit of the Data Protection laws and subsequently GDPR.

Note: whist it is true that journalists often make their details available publicly for the express purpose of being contacted by PRs and the like, they are still data subjects – influential and vocal data subjects at that – so we would not recommend being complacent about their standing within the GDPR.

The act explains your responsibilities when it comes to:

  • Keeping this information safe so it does not get hacked
  • Collecting the information lawfully and transparently
  • Using the information only for the reason it was collected
  • Not keeping more information on a person than is needed
  • Keeping this information up to date and deleting it when it is no longer needed

GDPR puts a greater emphasis on companies being able to show how they comply, rather than being able to defend themselves if they don’t. A bit like fire safety regulations, you need to show upfront that you are complying rather than sit back and wait for the fire inspector. It also comes with some walloping big fines if you don’t.

Should I Panic?

Absolutely not. Nor should you go out and buy expensive systems / consultancy services. Communication teams know how to treat people’s data well as they are in the business of building relationships and not spamming the hell out of journalists and stakeholders. However, you should consider some type of system to SHOW that this is what you are doing, rather than just relying on the fact that people won’t complain. CRMs are useful for this because they SHOW exactly how and why you are using someone’s data, where it came from, how you keep it up to date and if anyone asks for their data (or proof of your compliance with GDPR) it’s all there.

What’s the Good News?

The good news is that by using a CRM system such as PRgloo (rather than a spreadsheet or some other insecure – hard to update document) you are arguably already helping your organisation meet some of the core requirements to show that your data has been collected lawfully, used for the intended purposes (and only these purposes), has been transparently collected and processed and provides the means to very simply to provide access to these records for the data subject. 

What’s the Bad News?

There isn’t any really. If you use PRgloo (or systems like this) you are automatically one step ahead of the game. You should however always be vigilant about what data you store on individuals and how you store it.  We can’t, for example, stop you from tagging your contacts by race, religion or political persuasion – but this data is not normally relevant or necessary for your communication strategy. You are profiling contacts based on getting your news published or furthering understanding of your company within key sectors - so you need to make sure the data which you store on these contacts is necessary for this aim and this aim only. This is the reason people make their details available to you and this is what we all need to respect. If you don't use a system like PRgloo, you might want to consider researching what's around in the market. Be sure you go for something which is both secure (Cyber Essentials accredited, independently tested) and easy to use (otherwise your team won't use it and you're back to square one). 

Want to know more?

Please email me for our short guide to GDPR and I'll be happy to send it over. 


Samantha Deeks


CEO of PRgloo

0773 651 4921

Our security partners & accreditations

2Sec Cyber Essentials Capterra Best Value for Public Relations Mar-20 GetApp Functionality for Public Relations Mar-20 Capterra Ease of Use for Public Relations Mar-20 Crown Commercial Service Supplier Digitally Aware