GDPR – one month to go

This week marked a major point in everyone’s data regulation diaries: one month to GDPR compliance. There was a time when we had to spell out this acronym, but by now, understanding of this privacy law is far more widespread and reaches beyond Europe’s borders.

Knowledge is also gradually permeating the public sphere, thanks in part to the Facebook/Cambridge Analytica data scandal which alerted many of us to the ways in which our data is used, and misused.

Babel has a number of clients in the cyber security and data protection sectors, so GDPR is nothing new. Yet for many working in PR and comms, there may still be much to learn (and not much time to learn it!)  As such, it’s not just clients who need to be prepared; the PR industry too must ensure compliancy.

In a recent webinar I attended, Rowenna Fielding, Senior Data Protection Lead at Protecture, described GDPR as, “like the Data Protection Act, on steroids, with teeth.” As ominous as this sounds, she also reassured her audience that, contrary to popular belief, many of the requirements are based on principles which already exist.

Whether its data on clients, journalists, other PR agencies, analysts or staff: any body which holds information must be able to prove that its owners have ‘opted in’ to their data being collected and stored and be able to demonstrate that it is held securely.

The way in which you use this data must be fair, reasonable and appropriate: one of the GDPR’s main aims is to guarantee the right of individuals to have information about them treated with respect, and in a way that’s lawful and transparent.

This means that from May onwards, PR agencies and others must consider how data on individuals was obtained, if permission was explicitly and freely given, and then must make this clear to those using its resources.

What may seem like an upheaval can instead be approached creatively – we work in PR so are a pretty creative bunch, after all! You’ve probably been receiving those automated emails from brands, social sites, publications etc. requiring you to opt in? And you’ve probably been put off doing so as they the almost-identical messages give no stand-out reason to do so?

Think about how your clients, journalists and other ‘data subjects’ (GDPR speak) prefer to receive and engage in communication. EasyJet, for instance created a video on the subject. As long as the outcome is that they understand what you’re doing with their data, why and how, and communication is clear, accessible, and updated as required – you’ve no fear of (GDPR overlord) the Information Commissioner’s Office.

GDPR is a boon, not a burden, to the PR industry and beyond. It will make us all more aware of the value of data – to individuals and organisations – and more carefully consider the ethical and moral implications of data gathering, processing and management.

Finally, 25^th May is not the guillotine over PR heads. Yes, it’s the deadline for compliance, but if you’ve been planning, engaging, educating and informing (both your own team and those who you hold data on) GDPR will be herald a positive cultural change.