After months of build-up in the media, the European Union (EU) General Data Protection Regulation (GDPR) guidelines are finally here – and technology-focused public relations professionals are broadly in favor of it.
Most tech PR professionals are already familiar with high profile security failures at large corporations going back a number of years. The net result has been a thriving black market in which cyber criminals trade the personal data harvested from these kinds of breaches on the Dark Web.
The European Commission’s new privacy and security rules are intended to put a stop to this. Specifically, the hope is that the GDPR’s stricter guidelines on how businesses use and store personal information held digitally on their customers, coupled with substantial penalties for those that fail, will give EU citizens greater protection for their data.
There are two parts to the EU GDPR that affect technology PR. First, is the requirement to ask email contacts to opt-in to continue receiving sales and marketing communications. Second, individuals have the “right to be forgotten” which means businesses must delete any personal information that is no longer necessary or accurate.
For those that fail to comply, fines can reach up to $23 million USD or up to four percent of the company’s annual “global turnover” for the preceding year – whichever is greater.
PR Media Lists and Databases
It’s well known that an essential component of PR is the need to bring brand awareness and news regarding clients to the attention of journalists. Today, many maintain a digital rolodex with journalists’ personal information as a convenient way to make impromptu contact with them at any time.
Like many PR pros, I keep lists of emails for media contacts and don’t think twice about the phone numbers I keep saved in my iPhone. I utilize online services and cloud-based storage apps to allow me to access those lists from any device regardless of my location. Such tech-based tools are part and parcel of the modern day PR toolkit. To give any of this up in the name of GDPR compliance would be inconceivable.
Nor is it necessary. The EU GDPR is not meant to prevent people from using personal information to conduct business as usual. PR professionals can continue to send journalists unsolicited pitches and hold on to contact information provided they take appropriate steps to keep that data secure and do not share it with third-parties.
Modified Rules of Engagement
Nevertheless, the rules of engagement have changed slightly. For a start, it should spell an end to some of the lazier PR practices that journalists are not too fond of. There is no excuse to utilize the “spray and pray” method of sending mass emails without careful consideration to recipients.
In any case a succinct, well-researched pitch to a key influencer via Twitter or LinkedIn can be much more effective. Most journalists in tech have embraced social platforms for business communications. A journalist’s social profile is one of their most public and freely shared points of contact. It allows them to decide in seconds if they want to engage or pursue a story pitch rather than having to wade through hundreds of emails.
Journalists are increasingly using social media for public announcements. For example, in the run up to GDPR, PR professionals were bombarding tech journalists with stories on the subject. I noticed that one prominent commentator tweeted that he was not interested in receiving any stories related to the GDPR news. I pity those that missed the tweet and tried to pitch him on the subject after that.
Another excellent way to grab attention is with strong photography – just as it always has been. Mobile apps allow us to take and quickly share eye-catching moments. Even the most senior journalists can’t resist sharing great photos with their peers.
If the price of GDPR ultimately means more background reading and more research, most tech PR professionals are OK with that. After all, most of us are used to it. Reading and research is a fundamental part of winning new client business and media connections. And so it should be with the media. A standard practice among many PR companies is to contact top target media to announce a new client. It’s the perfect opportunity to ask if they want to hear news from them – positive responses help establish a relationship and form the basis of an opt-in list.
Back to Basics
In many ways, GDPR is all about a return to the basics.
Back in the day, PR companies use to keep racks of magazines and you were expected to read every article that your client’s top targeted media interest published. Often you would be so busy that it simply wasn’t possible to read them all. Now there’s no excuse. There is so much information online about the journalists we want to reach. Pretty much their entire back catalog is available in just a few clicks
Familiarity is one thing but over-familiarity may breed contempt. Because we follow journalists, “Like” their posts, have one or two interactions and add them to our social contacts – we like to think we now have an established relationship. Unfortunately, it’s easy to get carried away and become too forceful. Under GDPR overly aggressive PR professionals risk journalists turning around and asking to be forgotten.
There is one thing to come out of GDPR that every PR professional will welcome. Clients will sometimes ask to see press lists/journalist contacts. GDPR now gives us a legitimate reason to say no.
In summary, most journalists are nice people barring one or two ogres. Chances are even the ogres were also nice people at one time but one too many bad experiences at the hands of PRs has alienated them completely. The underlying principle with the EU GDPR is to maintain a common-sense approach to all relationships. Treat everyone with consideration and remember if you wouldn’t want it to happen to you, why would you do it to someone else.