View all newsletters
Sign up for our free email newsletters

Fighting for quality news media in the digital age.

  1. Comment
September 19, 2017

What the European Union’s GDPR means for journalists and publishers

By Dave Gurney

In ten months the EU’s General Data Protection Regulation (GDPR) comes into force.

It replaces the Data Protection Act and will ultimately change the way that organisations of every kind handle their customers’ personal information.

For the publishing sector this means that there will be new rules around reader consent, profiling, portability and the right of the consumer to be forgotten.

Any journalist or publisher handling European citizen data, even if they are physically located outside of the EU, will have to comply with this incoming regulation by 25 May, 2018.

Access to increasing amounts of consumer information has enabled magazine and newspapers to better understand their readers and to provide more relevant articles either online or in print.

For journalists and publishers there are five key areas of relevance in GDPR:

  1. Consent From next May publishers must gain opt-in permission from readers to contact them. This requires a clear affirmative action. Failure to opt-out will no longer be sufficient consent and post-May anyone continuing to communicate with a reader that simply hasn’t opted-out will be in contravention of the directive and open to a four per cent of global turnover fine. This is where many publishers will fall down as a significant proportion of the customer data held by the industry is failure to opt-out.Consent must also be granular with separate options being provided to customers; for instance permission to send direct marketing materials by email, mail or via SMS etc.

A customer preference centre; like those provided by Facebook and Twitter which enable members to set their privacy settings, is the easiest and most transparent way to manage customer permissions.

Content from our partners
Publishing on the open web is broken, how generative AI could help fix it
Impress: Regulation, arbitration and complaints resolution
Papermule: Workflow automation for publishers
  1. ProfilingPermission must also be obtained to process a reader’s data. For instance if a subscriber has moved house and you want to trace them you must first have obtained their consent to do so. Again it is best practice to provide customers with a preference centre so they can explicitly tell you what they are and aren’t happy with when it comes to profiling.
  1. Portability

Portability means that individuals can obtain and reuse their personal data for their own purposes across different services. In essence this means that a reader can request all of the information they have provided to you and their transactional history.

You must provide this data to them within a month in an easily readable format.

This provision has been included in GDPR to support customer choice, boost consumer empowerment and reduce ‘lock-in’. It will have the biggest impact on data-driven sectors such as banks, local government, cloud storage, insurance, streaming services and social networks with savvy customers using it as a way to switch providers and find cheaper deals.

Whilst less likely to be an everyday occurrence for publishers it is crucial that you are prepared so that if requested you are able to provide the relevant data to your readers quickly and cost effectively.

  1. Right to be forgotten 

Consumers have the right to have their information deleted if they so require. If this is requested all data pertaining to that individual must be removed from the database as soon as possible and communication will no longer be lawfully allowed. This means if a reader or subscriber asks to be removed from the database you have to comply.

  1. Security

From next May data security will also become more of an issue. Any data breaches must be reported within 48 hours – a breach can be anything from a hacker stealing customer information to accidentally leaving a subscribers’ account information open on your screen for others to see.

Whilst many might think that only the largest companies, like TalkTalk or Equifax are the target of hackers, they’d be wrong. Last year 4,120 SMEs suffered a malicious data breach.

Whilst the above might seem like an insurmountable task, GDPR is transforming the way that businesses interact with their customers.

Ultimately for publishers and journalists it will provide a framework that engenders greater relationships with readers, which can only be a good thing resulting in better marketing return on investment.

Dave Gurney is managing director of marketing services company Alchemetrics

Topics in this article :

Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog

Select and enter your email address Weekly insight into the big strategic issues affecting the future of the news industry. Essential reading for media leaders every Thursday. Your morning brew of news about the world of news from Press Gazette and elsewhere in the media. Sent at around 10am UK time. Our weekly does of strategic insight about the future of news media aimed at US readers. A fortnightly update from the front-line of news and advertising. Aimed at marketers and those involved in the advertising industry.
  • Business owner/co-owner
  • CEO
  • COO
  • CFO
  • CTO
  • Chairperson
  • Non-Exec Director
  • Other C-Suite
  • Managing Director
  • President/Partner
  • Senior Executive/SVP or Corporate VP or equivalent
  • Director or equivalent
  • Group or Senior Manager
  • Head of Department/Function
  • Manager
  • Non-manager
  • Retired
  • Other
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
Thank you

Thanks for subscribing.

Websites in our network