Buried in this chunky piece of legislation is a series of new rules governing marketing data.
In particular, the need for 'explicit consent' from the recipient of a marketing message, and for this consent to be 'verifiable' – i.e. the company doing the marketing must have clear records showing the provenance of the data.
At this point most PRs will be shrugging their shoulders, maybe shedding a tear for their marketing counterparts, but ultimately thinking this legislation doesn’t impact them.
Unfortunately, it’s a little bit more complicated.
GDPR, which takes full effect in May 2018, covers both B2B and B2C communications and what constitutes a marketing message has room for interpretation.
Therefore, if you’re a PR agency or in-house team that relies on unsolicited emails to journalists to secure coverage or interviews, you could have a big problem.
By big, I mean a fine for breaching GDPR of four per cent of global revenue or €20 million (£17m), whichever amount is bigger.
Put it this way, if you contact a journalist for the first time via email with a press release about your snazzy new product, the content of that email could constitute 'marketing' rather than a 'service' or information email.
If the journalist is a bit prickly or hungover (I know, very unlikely) he could demand to know where you got his contact information from, as well as proof that he consented to receiving marketing material from you.
At that point, if you can’t prove that he clearly opted-in to being contacted and provide the history behind how you collected his information, you could be in a pickle.
PR and marketing departments will also need to make all data 'portable', which basically means if someone asks for a copy of all the data you hold on them, you’ll have to provide it.
If the journalist is particularly prickly (what are the chances?), he could demand you destroy his data and never contact him again.Robert Bownes, director of communications at Profusion
Also, at any point you can request for your data to be destroyed.
So if the journalist is particularly prickly (what are the chances?), he could demand you destroy his data and never contact him again.
If, in a year or so, a new wide-eyed account executive at your company decided to take the initiative and drop this journalist (that mysteriously doesn’t appear on any media lists) an email, you could be in an even bigger pickle.
Now this may all sound doom and gloom, however, like I said, the line between PR and marketing is far from clear.
Ultimately, in practice, there could be a lot more wiggle room for PR messages.
For many organisations, a record of correspondence with a journalist could also constitute consent to receive further messages.
Finally, liability could fall on media database companies.
However, while there is ambiguity and risk, many PR companies will do well to invest in data management technology – something they should be doing anyway – to store, manage and harmonise their information on clients and journalists.
Undoubtedly, GDPR represents a bigger challenge for marketers, and will make a lot of traditional marketing methods impractical.
This, in turn, could create more opportunities for PR firms by making it a more straightforward, risk-free communications channel.
Robert Bownes is director of communications at Profusion