This article was published on May 29, 2018

Tech PR people are weirdly okay with GDPR

The GDPRocalypse doesn't look so bad from the PR world.

Tech PR people are weirdly okay with GDPR
Matthew Hughes
Story by

Matthew Hughes

Former TNW Reporter

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

GDPR has an impact on virtually every industry that deals with personal data. Take, for example, the PR industry.

Publicists rely on the personal information of journalists, editors, and tastemakers, in order to build the public image of their clients. It’s fair to say that, as an industry, PR is as equally driven by data as it is relationships.

But most PR people are pretty sanguine about GDPR — the good ones, at least. In fact, they welcome it, as they believe it’ll weed out the bad actors from the industry.

You know, the ones that’ll buy a list of email addresses, and use it to broadcast an irrelevant, unwelcome pitch. These are the people reporters whinge about on Twitter. And these are the people who stand to lose out from the EU’s new data protection legislation.

Putting the PR in GDPR

TNW reached out to an array of PR people, working across a range of verticals: from fintech to crypto, from consumer tech to information security.

In order to get a better sense of the sentiment surrounding GDPR in the industry, we also reached out to a variety of types of PR people: from in-house communications bods, to freelancers, to those working for agencies.

I’ll admit, my sample was biased slightly by the fact that I reached out to those I had a positive working relationship with. Every PR person quoted in this piece is someone I know, or works for an agency I know.

I was struck by how everyone I got in touch with was (mostly) on the same page. For starters, most publicists interviewed didn’t regard GDPR as a disruptive threat to their business.

James Hennigan, Head of Campaigns for Manchester-based PR agency Galibier PR, said:

“GDPR can only be a good thing for the PR industry in that it will raise industry standards particularly during the ‘selling in’ process. The traditional “spray and pray” approach – spamming a list of unwilling journalists with a barely relevant press release and hoping some cover the story – will actually become legislated against and hopefully die out. We aren’t worried, as we only contact individual journalists with a targeted, tailored approach, so there won’t be a massive culture shock for us. The legislation will force PRs to think more carefully about who they approach and why. Relevance is so important in our line of work.”

Another upside to GDPR is that it legally prevents publicists from sharing the private details of journalists with clients, as Hennigan explained.

“The second benefit of GDPR is it protects us from partners that ask us for the phone numbers and emails of the media. Our relationships with journalists are a large part of the value we deliver and we’ve never passed on their contact details, but we do get people asking us to share them. Now, we legally can’t, giving us another safeguard when people ask.”

Journalists hate this, because (at least, in my experience) it usually means some overzealous founder has taken issue with some legitimate and accurate paragraph in an article, and wants to harass you into changing it.

Publicists hate it too, because as Hennigan said, it undermines their relationship with the reporter, and makes their job a lot harder.

Having spoken to several people working in tech PR, the biggest plus is that it’ll put an end to some of the worst practices of the industry. Lauren Gilmore, former TNW editor and founder of the PR and Prose agency in Amsterdam, had this to say:

“It’s no secret publicists and people managing publicity have – for lack of a better term – bastardized the field. They unapologetically CC every journalist in their contact list with irrelevant pitches. By ensuring that PR people provide relevant information when contacting journalists, GDPR and its subsequent regulations will only help elevate publicity. It forces us to respect the journalist’s time and personal information, treating it with the professional respect. It also helps to ensure we build relationships with journalists – something that has fallen by the wayside for far too long.”

Compliance is going to be a major issue for the industry. Although Andrew Laxton, Executive Vice President and Managing Director Europe of Racepoint Global, said GDPR should be regarded as an “opportunity for the PR and marketing industry,” there’s still some work to be done.

“GDPR is going to have a big impact on how we work. Having gone through the process of evaluating the data that is stored and how it is managed, you quickly realise how things can be done in a much more secure and robust fashion. In fact, it has helped us to streamline and review our internal processes overall – and across global offices,” he said.

“As an agency with a global footprint in the US and Asia as well as the UK, it has meant that we have had to change how we share information with our colleagues in other offices. Nevertheless, this has ensured that globally we are all aligned on the new regulations and what they mean, and can help ensure that regardless of where a staff member is based they will know how to correctly store and manage personal data.”

“A total nightmare for PR people”

That said, there were some bears amongst the bulls, most notably Ed Zitron — who is one of the most vocal (and funniest) commentators on the PR industry. He thinks GDPR has the potential to open a world of hurt.

“Article 17 is going to, depending on the interpretation, be a total nightmare for PR people,” he said.

This part of the GDPR legislation lays out the scenarios for when data should be deleted. It states that if personal data is no longer required for the purpose for which it was collected or processed, companies are obligated to delete it.

According to Zitron, if this applies to an email address or a phone number, then PR people will “have a very, very tough time justifying keeping media lists.”

“Now, there’s likely a loophole in keeping an email address saved in your Google Contacts, but if you have decided to save it, then you have an issue. The same goes for things like PR briefing books (little dossiers that they keep about reporters) – that’s certainly personal data,” Zitron added.

This isn’t the only potential pitfall in article 17. Other conditions when data should be deleted is if “the data subject objects to the processing and there are no legitimate grounds for processing.”

According to Zitron, this “likely won’t cover ‘we like to send the same email to 100 reporters.'”

In short, this means that spamming a reporter could result in a violation of the law. Zitron went into this some more:

“The GDPR also bars against “improperly processed” data. Depending on who interprets this, this could apply from data breaches, all the way to big spam lists, to people who are clearly not relevant to the story.”

Too early to say

GDPR Day was last Friday. Given there’s only been two working days since it came into action (one, if you’re based in the UK, which just had a three-day holiday), it’s a little too early to definitively say how it’ll impact the PR industry.

But having interviewed several professionals, a few things are clear:

  • PR people are prepared for the new legislation, and for the most part, know it back to front. They’ve spent a lot of time getting ready for GDPR.
  • Broadly speaking, they regard it as an opportunity.
  • They think it’ll weed out the worst practices of the industry.

If you work in PR, but feel woefully unprepared for the GDPR onslaught, it’s not too late. Jacek Materna is the CTO of Assembla, and much of his efforts over the past year has been centered around ensuring his company is GDPR compliant.

TNW reached out to him for some first-hand advice, and he had the following tips to share:

  • Understand what data you’re gathering and also classify it.
  • Make sure you understand where it’s held, how it is kept and how & when to delete it.
  • Back it up, anonymise it or encrypt it.
  • Do whatever you must, just don’t avoid managing it.
  • Avoid abusing personal data by sending irrelevant content to large numbers of recipients. Communication professionals can no longer fly under the radar and assume tacit approval when sending out press releases or other types of content.
  • If you use personal data, consent by the individuals in your communication campaigns must be “freely given, specific, informed and unambiguous.”
  • Be open about your processes and don’t treat it as a secret. Your influencers, customers, and other stakeholders will trust you as long as you prove to be trustworthy.

Do you work in tech PR and have something to say about GDPR? Let’s keep the conversation going. You can email me here, or reach out on Twitter here.