General Data Protection Regulation

WHAT IS GDPR?

The GDPR is the EU’s process for regulating data protection and privacy for people and companies doing business with EU residents – as from 25 May 2018. It is expected that the regulation’s content will continue after ‘Brexit’. The GDPR concerns marketing messages – these include press releases that are sent unsolicited to journalists.

After 25 May, when a PR professional contacts a journalist or media person or blogger (journalist from now on) for the first time by sending an e-mail containing a press release, this is considered a marketing e-mail. The journalist will be entitled to ask to when and how they gave their permission to use their data.

This means that from 25 May 2018, when iPR contacts a journalist for the first time, we will start with a personal e-mail asking if we can send them press releases in the future. We will explain the topics and/or companies these press releases will cover. iPR will only add journalists to their email address lists once they have given their consent. if a journalist has received e-mails from iPR in the past without unsubscribing, that is considered consent to keep receiving messages on that subject. The ‘unsubscribe’ option will of course continue.

LEGITIMATE INTEREST

Introduction

Independent Public Relations Ltd (iPR) is a Public Relations and Marketing Agency specialising in travel and leisure.

The basis of iPR’s policy is ‘Legitimate Interest’. Processing journalist’s personal data is an intrinsic part of a communications team’s role when providing them with targeted and relevant content.

iPR believes that journalists, media representatives and social media influencers would reasonably expect their details to be used by communications professionals such as iPR for the purposes of building mutually beneficial relationships and receiving targeted communications content.

iPR’s uses Dotmailer and Microsoft Office 365 as data processors because it is a simple, minimal, professional and secure way to process personal information.

iPR’s policy will be documented and updated only on its web site – www.ipr-online.co.uk.

Key terms and policy

Key terms iPR policy
Personal data – any information relating to an individual For press release distribution, typically this will be name, email address and where appropriate publication name.
Event management may also include information items such as dietary requirements or RSVPs.
Press trip organisation information may also include information required by airlines and destinations, such as home address, passport information, dietary requirements, smoking or non- smoking, next-of-kin and allergies.

  • This is the minimum information needed for processing
  • Data will be accurate, and kept up to date for the duration of the event or press trip
Data controller – single point of contact of person responsible for maintaining the information held George Ristich: contactable via email george@ipr-online.co.uk
Data processor – an organisation that acts on behalf of the controller This is Dotmailer for email marketing service and Microsoft Office 365 for email service.

  • Organisations such as hotels, or exhibition centres for events.
  • Airlines and regional and national destinations for press trips.
Processing – any operation or set of operations on personal data This includes;

  • Building media lists, distributing press releases and tracking results such as opens, clicks and content downloads.
  • Event management
  • Press trip organisation
Lawful bases for processing – Organisations must identify “a lawful basis for processing personal data” before it is processed and the lawful basis on which personal data is processed needs to be documented. An organisation must establish the appropriate legal basis for processing personal data as listed in Article 6(1) of the GDPR. In iPR’s case this is legitimate interests. Independent Public Relations Ltd (iPR) is a Public Relations and Marketing Agency specialising in travel and leisure.
The basis of iPR’s policy is ‘Legitimate Interest’. Processing journalist’s personal data is an intrinsic part of a communications team’s role when providing them with targeted and relevant content.iPR believes that journalists, media representatives and social media influencers would reasonably expect their details to be used by communications professionals such as iPR for the purposes of building mutually beneficial relationships and receiving targeted communications content.

iPR’s uses Dotmailer and Microsoft Office 365 as data processors because it is a simple, minimal, professional and secure way to process personal information.

This means that from 25 May 2018, when iPR contacts a journalist for the first time, we will start with a personal e-mail asking if we can send press releases in the future. We will explain the topics and/or companies these press releases will cover. iPR will only add journalists to their email address lists once they have given their consent. if a journalist has received e-mails from iPR in the past without unsubscribing, that is considered consent to keep receiving messages on that subject.

iPR’s policy will be documented on its web site – www.ipr-online.co.uk

Subject Access Request (SAR) – Under the GDPR, individuals will have rights including the right to be informed; access their personal data; rectify inaccuracies or omissions; request deletion or removal of data once it is no longer required; restrict the processing of their data; and object to the use of their data. In most cases, organisations must comply with any SAR at the latest within one month of receipt and responses must be made electronically. iPR will comply with a SAR within 30 days of receipt via email george@ipr-online.co.uk
Personal data breach – A breach of security leading to “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”. Organisations must take steps to mitigate the risk of data breaches by ensuring that all personal data is kept secure. Personal data is held only by iPR’s data processors (see above).

tweet us