What does GDPR mean for PR?

If you're reading this, you're obviously one of the people who a) hasn't become overwhelmed by the number of updated privacy policy emails in your inbox, and b) understands how far-reaching the implications of the new General Data Protection Regulations are.

Much has been written about the new rules (due to take effect tomorrow) and how companies can bring their products and services in line with them - such as our three-part guide here. But there have also been stories of several video games forced to close because making them compliant is so intensive and costly for smaller businesses.

What hasn't been discussed is the impact on PR and the agencies attempting to spread word of those games to as many outlets as possible.

You might be forgiven for thinking the transition to GDPR is the perfect time for anyone on PR mailing lists to cut down on the number of emails they receive, thus limiting the audience and therefore reach of each agency. But leading UK games PRs tell GamesIndustry.biz that they are actually embracing the change.

"I believe it's a good thing for whoever approaches public relations in an ethical manner," says Renaissance PR founder Stefano Petrullo. "GDPR means that now people need to know what data we have about them, why we have it and how we use it and this is only a good thing for an industry that is driven by personal relations.

"May 25th is not a deadline, but a new beginning where we have to continue act responsibly - or, for some people, start acting responsibly."

Kinetic Atom owner Korina Abbott adds: "Although it feels like a lot of work on the surface, ultimately it will make public relations much more hands on and I welcome any practises that make private information more private. We all benefit from this personally."

Gareth Williams, chief operating officer at Little Big PR, agrees that GDPR is " a good thing, generally speaking" but recognises that it's "a huge undertaking" for the industry. Nevertheless, he stresses it's a necessary one.

"Privacy should be valued, but the implementation of the rules could be better; there is a sense of wait-and-see to many elements of legislation that even legal advisors won't commit to either way," he says.

"Because we're now managing [data] more efficiently, GDPR legislation will actually make us better at our work. Compliance is a legal obligation, but it's also something to be proud of for a growing business like ourselves." Several of our experts believe it will actually help improve the direct and personal relationships they have with the press and other recipients of their communications, which is central to the entire discipline of PR.

"It's given us some extra homework over the last few months - and ironically an inbox full of GDPR emails - but ultimately it raises the industry bar when working with journalists and other people's data," says Indigo Pearl boss Caroline Miller. "Hopefully gone are the days of PRs sending press comms without double checking the contacts beforehand."

Abbott adds: "Although it does seem really scary on the face of it, some aspects regarding PR are still unclear. Over the last few months we have seen numerous articles from the likes of PRWeek and interviews with huge agencies like ResponseSource, saying this could be a benefit to the PR industry, and I am inclined to agree with them.

"GDPR will make growing huge databases more difficult, but a PR's skill comes with relationship and consent to be contacted is a vital first step in that. Ultimately, many of the people we contact are not providing personal information. Most emails are work contact addresses which fall under the 'legitimate interests' umbrella. However, we still need to adhere to the data handling requirements. This includes only keeping the data we need to do our job - no photos, no personal information, etc - deleting data swiftly when requested and storing it securely."

That's not to say it's been an easy transition. As mentioned, GDPR has already taken its toll on smaller games studios and the titles they operate, and some PR agencies aren't much bigger in terms of headcount. Even so, these companies have been working hard over the past few months to ensure they're ready for tomorrow's new regime - if they weren't already.

"GDPR isn't really aimed at small or medium sized companies, so the investment in both time and the costs can be a little steep," says Williams. "I'd wager that small to medium sized companies are more likely to be compliant than not, but those that aren't, probably still aren't aware that they're expected to comply. As we move into the next decade, it'll become clear that contact details won't hold intrinsic value anymore, but the relationships and how they are managed will. People work with people, not data, but those that best utilise that data will thrive. Those that don't will find life very tough.

"As an example, of all the games websites I'm registered with, only one has contacted me about my privacy as far as GDPR is concerned. And this is a small website. Not a single international website has been in touch, which I find incredible."

Williams goes on to say that the process of updating everything and informing contacts of the new policies doesn't take as long as you might think - in fact, he says it only took around an hour to reach out to his established database of contacts, and an automated process handles their response.

"For future lists and contacts that we create, it's a very simple process, but one that's imperative we as an industry continue to invest time in," he continues. "Privacy by default is something I personally believe in, and we should never assume it's ok to become lazy at any point. Once you've adopted the principles, there's no turning back."

Petrullo adds: "The only major issue is when you add someone new: you have to contact them and tell them what you data have, why and how you are going to use it, as well as share your privacy policy. It's one more email to send every new contact we have, but it's also good practice to maintain relationships and we notice people are reacting really well. Besides, I believe most agencies nowadays do not add 1,000 contacts a day so it should be quite manageable."

As you'll no doubt have noticed from your own inboxes, many companies are using external mail distributors now such as MailChimp, with a simple opt-in/opt-out system to bring their audiences up to speed. Limiting access to this system internally also improves privacy - Abbott, for example, tells us that "only two people within Kinetic Atom can access the information". Even so, there are still challenges to overcome.

"Our largest issue is not knowing how influencer and freelancer personal information should be stored as, to my current knowledge, this can be classed as legitimate interests or personal information," she says. "I believe this is still being discussed but I might be out of date on that.

"Unless you're looking to grow massive contact lists, this isn't something that will be too large a task. That said, I run a small agency and we like to keep our outreach focused and relevant as much as possible so it might be different for larger agencies."

Preparations for GDPR have been months in the making, culminating in the tsunami of update requests flooding into inboxes these past few weeks. Despite the raising awareness of why these changes are happening, agencies have still been concerned about the impact on their audience.

"I was terrified to lose my contacts once I offered them the option [to opt out]," says Petrullo. "But this did not happen at all, so I feel a bit better."

Stuart Taylor, director and owner of Dead Good Media, notes that his team has "always tried to be as focused as possible on who we target so the size of our audience has not really changed". Meanwhile, Williams tells us requests for removal have been "less than 0.001%."

"Spreading the message far and wide is still part of the traditional 'spray and pray' approach, but PR is much more targeted these days," he adds. "Where coverage is measured in Advertising Value Equivalent still, of course there will be a drop in value as perceived by brand teams. But the measurement of coverage against a multitude of factors will actually assist anyone that invests time reporting metrics, and GDPR is an opportunity to double down where targeting and valuation is concerned."

As much as agencies have had to work hard to ensure they are GDPR compliant in time for tomorrow's deadline, few expect the new regulations to have much impact on their day-to-day operations going forward. As of next week, it will be business as usual.

"To be honest we don't see any real change here," Miller says. "We are using secure systems to hold people's data and, in addition, we subscribe to and use the services of GDPR compliant media databases and mailing distribution companies. Our experience of building our PressXtra website and code distribution tech has also helped prepare us for this. We also use social media within our comms campaigns and this helps us reach bigger audiences, with many journalists communicating with us via Twitter and so on."

She continues: "Gone are the days of people having their own personal media list on their own computer. We've put procedures in place that if someone emails one person in the office asking to be added or removed from our contact lists, that person's details are then centrally processed and therefore changed across the whole agency. And I think it's just made everyone more aware of how data is moved, used and stored - and that's just a good thing."

Taylor agrees: "Apart from being more aware of how we need to protect and respect personal information, we are not radically changing how we do things post-GDPR. We still have the opt-in form for our mailing lists, and everyone who receives a communication from Dead Good will still continue to have the option to opt out at any time."

GDPR is primarily a European initiative and mainly affects business within the EU. But since the games industry is an international one, many are choosing to apply these practices globally - and with good reason.

"The benefit of European agencies is that our compliance covers the world," Williams explains. "It's a grey area when dealing with non-EU data, but by applying the rules to everyone now when convergence is likely, we'll be ahead of the curve."

Taylor adds: "This has been an opportunity to tighten up what we do, so rather than have different rules, we've attempted to unify how we contact media and influencers across our global databases."

GDPR comes into effect tomorrow, but the consequences are likely to take months or years to be truly understood. Some view the new regulations as overly strict, while others believe they strike the right balance, but for our PR experts, it's been a welcome reminder to carefully handle the personal information they deal with on a daily basis.

"There have been a lot of lazy PR practises with huge paid-for contact lists," Abbot concludes. "But I don't feel like that's something the games industry has seen too much of as it's a relatively small industry and relationships are key. Even my week-old new company email address has found its way onto irrelevant mailing lists recently.

"This isn't just limited to journalists. It's hard to say at this early stage if it's too strict - I'm sure that a change this significant may need some tweaking over time. Either way, I'm sure we're all tired of the GDPR emails by now."