GDPR is a topic of increasing concern and interest for all businesses, but is of particular importance in PR, as building and maintaining reputations is what we’re all about. Nowadays, few things are as damaging to a company’s reputation as a GDPR breach. Furthermore, there is the matter of professionalism and mutual trust that is shared and relied upon by journalists and PR professionals alike.
As the internet and associated services get bigger it is very easy for private and sensitive data to go astray and this can lead to severe upset and legal issues. ClearStory has always championed the privacy and protection of the journalists we work with both as a point of compliance and as a personal point of professionalism and respect to our colleagues without whom we could not function.
Historically, GDPR has been an issue for PR as well as other sectors. The problem stems from a combination of factors one of which is database security and suitability. Many PR agencies use software such as Excel or Google Suite, which are excellent products, but the problem is that there are not designed with data security in mind. They are generalist software that can be used on a huge range of tasks. But as such, there are no in built checks or safeguards to prevent errors or breachs from occuring.
As such, ClearStory has begun to shift all of our existing data to our own secure internal database that deals with a lot of the issues that can occur with using open software such as Excel or Google Suite. We believe that this helps us stay in line with the advice from the Public Relations Consultants Association (PRCA) who have outlined some of the following points.
Data can only be collected for specified, explicit and legitimate purposes – we only create lists and target journalist for the specific purposes of representing our clients. We only ever contact journalists if we believe that the pitch or press release will be relevant to them. Our database is checked before uploading contacts to ensure that only current and relevant contacts are being added. We only collect enough biographical data to allow us to effectively target the right contacts meaning that we don’t have any extraneous information nor are we bothering non relevant contacts.
Personal data must be handled in a manner that ensures appropriate security of the personal data – we NEVER share our contact lists with clients or any other third parties without the express permission of our contacts who may request an interview or direct contact with our clients. In such case where we may, we’d only do so to the extent necessary – names, phone numbers and email addresses being the limit.
We remain committed to ensuring our compliance with GDPR legislation and the security of the data we process on behalf of our clients, staff and media partners across the globe.
Having joined ClearStory from the financial services regulation sector, John provides research and advisory services for early-stage companies.