Have you spotted the sheer number of scary data privacy stories in the papers lately?
Reputable brands trusted to keep your details safe, such as the consumer credit agency Equifax and courier company FedEx, are among the latest cyber-crime victims with breaches causing personal data to seemingly float out into the ether.
Then take social media network Facebook falling foul of German law just this month after the courts ruled its personal data use and privacy settings are illegal. A quick Google search is guaranteed to bring up many more headlines.
With companies coming under fire almost every day, it’s little wonder professional services giant Ernst & Young says we’ve become more cautious of giving out personal details online than at anytime since the birth of the internet.
Part of the problem is that big data – the chunky morsels of information that reveal patterns and trends and are helping to drive future healthcare, the Internet of Things and artificial intelligence – is in ever increasing demand and has obvious benefits.
So as the age of information is in danger of developing into the age of paranoia, we’re seeing more rules and regulations aiming to not only educate us on the personal risks, but guide companies on how they can steer clear of any data privacy no-nos.
Particularly relevant to our industry is GDPR… no, not another public relations firm to pop up in the piranha tank, but General Data Protection Regulation.
As the Little Red Rooster team has discovered, understanding GDPR and what it will mean for us day-to-day can be hard to get your head around, so we’ve summarised the top lines so you don’t have to.
What is GDPR?
Put simply, GDPR (General Data Protection Regulation) is a set of compliance regulations formed by the European Parliament in 2016 and relevant to all companies handling the data of people in the EU.
The express purpose is to protect an individual’s personal information and all PR agencies great and small holding data on members of the media, influencers and even clients, must familiarise themselves with the new regulations.
With the laws coming into effect on May 25th this year it’s high time to ask what does this mean for PR professionals?
A key theme running through the GDPR rulebook is transparency. Organisations dealing with an individual’s data must make clear, both to the person and the regulatory body, the purpose and use of that data.
Specific to PR, this means ensuring a journalist or influencer agrees to you storing their details and is happy for you to contact them.
In turn, that contact must be a lot more carefully targeted by you, which brings us on to our next point.
With GDPR, the way you handle information also needs to comply with the regulations, resulting in organisations becoming more responsible for how they use data.
More control will be given to individual journalists, bloggers and influencers who have the right to ask for their details to be amended or removed at any time.
This should lead to well maintained, up-to-date media lists and only sending relevant information to the right people.
It should also lead to inboxes no longer being bombarded with mass mailer press releases – something that won’t be a problem for us at the rooster coop because we detest them.
Looking outside of the agency
A further layer to ensure compliance is checking all third-party suppliers and IT providers an agency uses adheres to the same data regulations and reviews this thoroughly and often.
Major PR database resources like Gorkana and Fashion Monitor will no doubt be making sweeping changes to the way they operate, so it’s important to keep an eye out for any big announcements.
What about Brexit?
If the General Data Protection Regulation handles the data of everyone in the EU it’s an obvious question to ask what happens when Britain leaves the union?
The UK government has recognised it will still be part of the EU when GDPR comes into effect and that, no doubt to the relief of Jean-Claude Juncker and Michel Barnier, we’ve stated we’ll continue to comply with the regulations.
What happens if there is a change of leadership at number 10 is anyone’s guess.
The next steps…
These are just some of the changes we can expect, but official guidance for all organisations will come from the Information Commissioners Office (ICO) – the UK’s independent authority for upholding information rights and data privacy.
Finally, while things are due to come into effect on that looming May date, the regulatory body recognises this will be a gradual shift and is therefore an introduction to a two-year transitional period. Collective sighs all round.