Press Mailings: Address Journalists in Times of GDPR
Tips for a GDPR-compliant creation of mailing lists to the press and for leaving a good impression on journalists.
The internet helped simplify press work. With just a few mouse clicks, one can now find the contact details of journalists all over the world. Creating mailing lists to send out press releases and other types of information to media representatives is quick and easy. However, with the European General Data Protection Regulation (GDPR) coming into effect on May 25, 2018, teams must address the question of how to properly handle the personal data of journalists.
Obligation of the National Legislation
On one hand, the personal data of journalists is protected under GDPR. Due to this, one could assume that press offices are only allowed to collect, process, and use journalist personal data when the individual has actively agreed on the use of their data. The individual in question also needs to have the right to withdraw this authorization at any time. This would mean that press offices would need permission from press representatives before sending out any communications and press information.
On the other hand, there is freedom of expression and freedom of information. Both are worthy of protection and subsequently complicate the legal situation. Article 85 of GDPR asks EU member states to reconcile data protection, freedom of expression, and freedom of information. This also includes journalism.
A special right for press offices contacting journalists could be justified by the fact that companies do have a right to express their freedom of expression and information. Moreover, press offices often help prepare articles for journalists and answer their inquiries – there is a synergy in this relationship.
The right to push out information does change, however, when press offices want to distribute promotional content to journalists. Product PR could be an example of this nature of exchange. Under EU-GDPR, it can be assumed that press offices can no longer rely on the argument of “freedom of information” when sending out promotional content to journalists – these would need to fulfill higher data protection standards.
In conclusion: There is no clear legal definition that defines to what extent press offices will have special rights when handling journalists’ data. National legal regulations will need to clarify the scope of the situation. Legal interpretation may vary in the different member states, but it can be hypothesized that press offices will not receive special rights under EU-GDPR automatically. With this in mind, distributed content would need to fulfill a press-informative function.
Recommendation for Initializing First Contact with Journalists
Regardless of GDPR, we recommend press offices consider the following 3 steps for creating trusting and professional cooperation with journalists:
1. “I do!“ – Collect for Consent
Press offices should always ask for consent from media representatives before starting a conversation – even without GDPR. By not adding journalists to mailings lists who have not given explicit consent, teams have the opportunity to win on two fronts:
- Reach a mailbox instead of a spam folder: Journalists who approve being added to a press mailing list will receive relevant updates within their mailbox, as the sender is now approved. As a result, the opportunity of having a press release picked up by the media increases considerably. On the contrary, unwanted content can easily be transferred to the spam folder and may lead to the “blacklisting” of all future company mail and the company domain.
- Synergize: If a journalist appreciates your efforts at collaboration and your professional approach, you will also be more likely to be asked to share your expertise and opinion in an interview. These personal contacts can help you circulate article ideas outside of your general press release updates.
Should a media representative reject your offer to add them to your mailing list, this should be taken as an important sign. Rather than jeopardizing the integrity of your communications, you can now concentrate efforts on those journalists who are interested in receiving your messages.
2. Transparency and Data Security
Data security and transparency should be your top priority. When adding journalists to your press mailing lists, don’t forget to inform them of what data you will collect, and what kind of information they will be receiving from you. Offer an easy way to withdraw this authorization at any time. Note: if you wish to delete personal information in a GDPR-complaint manner, it is no longer sufficient to simply delete the contact from your press mailing list. You will also need to delete any data on the relevant individual from your databases.
Always use encryption to save your journalists’ contact details and make sure that this data will not be circulated to third parties without the individual’s permission.
3. Pay Special Attention When It Comes to Choosing Vendors
Asking every press representative for consent before adding them to a mailing list requires considerable time and can be exhausting – especially when taking into account that mailing lists need to be updated regularly.
If you lack the time and resources to maintain current distribution lists, as an alternative, you can enlist the help of one of the many service providers who provide mailing lists. But, choose wisely. Should you decide to engage a service company to do contact research on your behalf, play it safe when it comes to data protection. The quality of any distribution list is not just constituted by the number of contacts and their “relevance”, quality is also determined by the level of professionalism used in aggregating and processing these contacts.
Take the time to examine how your provider gathers journalist consent and be informed on whether data is updated regularly or not. Be careful if a mailing list service is completely free or the price seems “too good to be true” – this could indicate a lapse in certain data processing processes and bring you back to square one.
Disclaimer: Information contained in this blog article does not reflect the legal opinions of EQS Group AG or any other professional legal advisors. For specific European General Data Protection Regulation (EU-GDPR) legal matters, please consult your legal advisors. EQS Group AG is not responsible for any liabilities that may arise from misinterpretation of EU-GDPR.