Move over GDPR—ePrivacy is the new data regulation for brands

by | Mar 7, 2019 | Analysis, Public Relations

Roll the clocks back to May 25th, 2018. Many businesses were fearing the worst about the General Data Protection Regulation (GDPR) that was coming into force. Cue a string of last-minute website changes, consent emails being sent, and records removed from databases.

It was an eye-opening experience, am I right? Well for some business, it might have been a little too eye-opening…

A survey carried out in December by IT Governance discovered that only 29 percent of firms in the EU are fully GDPR compliant. With GDPR still very much in the works for some businesses, we might be about to deliver some bad news.

There’s another data protection regulation you need to prepare for

As if GDPR wasn’t enough of a challenge, the new ePrivacy regulation is set to put a spotlight on businesses, rather than the individual-focused GDPR.

You’d be forgiven for not knowing much about ePrivacy, as the regulation remains in European Parliament for approval, with decisions on its future likely being made in the Spring of 2019.

What you do need to know, however, is that ePrivacy will intensify the levels of consent needed to target individuals online, in an effort to provide greater transparency on personal data processes.

So how will this affect the world of PR? Let’s dive in.

Clean up your outreach lists—including business emails!

Ah, the days of legitimate interest…

While they may still apply in certain situations, the lines are about to get a lot more blurred.

Pitching ideas to the press remains absolutely fine. We still need to think up creative ways of getting our message seen, but in terms of outreach to publications, the playing field is very much open.

However, PR is often just an added string to the bow of outreach professionals, who will be pitching their idea to websites far beyond the realms of publications—which is why it’s essential that businesses considering this practice try to clean up their act.

While it’s perfectly understandable that people will try to gain coverage across many types of websites, it could leave their business open to complaints regarding how that information was sourced and processed.

Reason being, GDPR didn’t really live up to its hype of reducing the number of spam emails we get.

The ePrivacy regulation aims to address this, with a ban on unsolicited communication through a range of channels.

In the wake of GDPR, many businesses looked to their databases to either confirm the source of their consent to process data on an individual or seek consent.

The result was a huge drop in database sizes for the purposes of email marketing, and the ePR looks to extend the application of this further.

Not only does this apply to individuals anymore, but it also applies to business emails—which could result in a whole host of problems for PR professionals, and leads perfectly into our next point…

Be transparent

It’s worth remembering that journalists are people too. Their job isn’t to field pitch after pitch in an attempt to gain client coverage—it’s to report on information that is genuinely newsworthy or interesting.

Now, it can be difficult for smaller businesses to gather lists of journalists. It’s time-consuming, we get it. But that’s not an excuse to blanket email every email you can find.

Look into the publications that would genuinely be interested in the story you’re crafting, and strike up a conversation with someone that would find it relevant. That might take longer than a simple bulk email, but the results will be worth it.

Real conversations with journalists that are relevant to the story will result in quicker publication times, constructive feedback, and enhance your reputation—which is key in this industry!

Using tools such as Agility PR can massively help with this. Speaking from personal experience, I’ve used their system to refine a huge database down to very small lists of journalists, thanks to their criteria options such as location, industries covered, type of publication and more.

Plus, as their tool is updated constantly, you can be sure that the data is valid and the journalists you’ll be contacting are open to discussing opportunities.

Get serious about policies

Chances are, you also rely on external providers to carry out advertising and messaging. Facebook, Instagram, WhatsApp… you know who we’re talking about. Each of those channels, in particular, have been at the forefront of advertising in recent years, as businesses move towards ‘conversational commerce’.

Now, as part of the ePR, the regulations surrounding those channels is about to change.

In technical terms, Facebook Messenger, WhatsApp, Skype etc. are called “Over The Top” services. This means that they essentially do the same job as your mobile phone, but outside of the standard network i.e. you can message and call people using them.

Network providers, such as EE & Vodafone, have to make sure that your call data is anonymized or deleted. These rules don’t apply to OTT services currently, but will do as part of ePrivacy.

Here’s what it means for you:

  • To be honest, your job is pretty easy. You need to make sure that your policies are up to date and you have a copy of the channels’ policies should you need them.
  • The biggest takeaway here is that while you need to implement practical steps to remain compliant, such as cleaning your database, you also need to make sure your policies and formal documents are up to date, covering the requirements of the latest regulations.
  • This will help protect you and demonstrate you have been responsible/aware of regulations should you be investigated.

What does all of this mean for the PR industry?

Like any other industry, PR now has to put a focus on data protection.

It’s easy to get carried away, when a story is finished, thinking that every publication in the land will want to feature it because of its wide scope, but in reality, niche articles will now be more effective than ever before.

To complement this, having a transparent approach to consent (i.e. making it easy for journalists to opt out of future communications should they wish to) and policies in place that identify how you process data will protect you and your business.

Move over GDPR—ePrivacy is the new data regulation for brands

Kieran McGeehan
Kieran McGeehan is Managing Director & Compliance / Data Protection Specialist at Univate. Kieran has over 15 years of experience in data compliance, holding positions within businesses such as AXA Insurance, HSBC, The Co-Operative Insurance, and is currently chairperson of the Global Association of Data Protection Representatives.