Over the last year, I have had hundreds of conversations about the GDPR and its impact on marketing. Most of them start with a question, but the bad news is that they normally start with the wrong question. 

The first thing most PR and marketing people want to know about GDPR is, ‘can I continue to send e-mails to my existing list?’ However, irrespective of whether that list is full of journalists, prospects or customers, the real question should be, ‘what is it that I can do that will make people want to hear from my business, buy from us and not regard the content we send them as intrusive?’

The answers to those questions, oddly, lies in the works of Johannes Gutenberg, George Orwell, Eleanor Roosevelt and Sir Tim Berners Lee.

Johannes Gutenberg and consent

In 1439 Gutenberg was the first European to use movable type and he is credited with inventing the printing press, ultimately allowing the mass production of books and magazines. In many ways, we might argue that his gift to humanity was mass communication. He also teaches us a lot about the question of consent in GDPR.

When Gutenberg was designing the first printing press, he couldn’t have anticipated the introduction of the postal service, television, radio, the Internet, or e-mail. He cared about making information freely available and ending the monopoly on education held by the literate elite.

He didn’t anticipate a time in which, rather than fighting for access to information so that everybody could create an adequate standard of living for themselves, we would start forcing information about ourselves onto other people. He didn’t anticipate SPAM.

There was no need for consent back in 1439. Instead, information was regarded as liberating – a freedom which everybody should be entitled to.

And that’s how you should think of the information you send to your customers. Does it liberate them? Does it make them freer, or less free? Are you trying to trap them into behaving in a way which won’t benefit them, or encouraging them to do something that will have a positive effect on their lives or their business?

The GDPR sets a high standard for consent, but you often won’t need it at all. The ICO says that ‘if consent is difficult, look for a different lawful basis’. So, you don’t need to delete your e-mail marketing database, like Weatherspoon’s famously, did in 2017, but you should make your content liberating.

George Orwell and legitimate interest

In his original preface to Animal Farm, George Orwell wrote, “If liberty means anything at all, it means the right to tell people what they do not want to hear.” He could almost have been referring to the concept of legitimate interest as it is applied under GDPR.

Even presuming that we’ve made our content liberating, educational, interesting, and funny, someone who hasn’t yet seen that content might not volunteer to receive it.

Similarly, you may have met that person in a context where asking them to subscribe is inappropriate or downright weird – at a networking event, for instance. I personally don’t want to help create a Black Mirror-style dystopia, in which we see each other’s social media stats on a heads-up display every time we meet, subscribing or unsubscribing, blocking or unblocking as our social whims dictate.

This illustrates that, as content producers, we need to be able to share material with people that we believe might legitimately be interested in it, provided it’s necessary and done in a way the recipient could reasonably expect. Legitimate interest allows us to do this.

Eleanor Roosevelt and the rights of the individual

Eleanor Roosevelt, nicknamed the first lady of the world, was also the first chair of the UN and oversaw the drafting of the Universal Declaration of Human Rights.

Amongst her key achievements was establishing, in articles 28-30 of the declaration, a general way of using these rights and, crucially, those occasions on which the rights do not apply. In most cases, this is because the individual’s rights limit the “rights and freedoms of others” and limit the law’s ability to deliver, “the just requirements of morality, public order and the general welfare in a democratic society”.

The GDPR also recognises the rights of the individual and sets them out in such a way that they don’t limit the reasonable functioning of society and business. The key way in which these rights are misunderstood, and the misunderstanding that drives fearful marketers to ask the wrong question about their mailing lists, is the idea that these rights include not receiving e-mail without having subscribed to an e-mail list first.

The reality is that legitimate interest provides a reasonable basis for processing data, including sending email. The key rights with which you should abide include providing information about how you will use the data and allowing the recipient access to their data. You should also provide the ability for them to move their data, change their data or remove themselves easily from a dataset. Crucially, they also need to be provided with the right to object.

Sir Tim Berners Lee and automated decision making

Sir Tim Berners Lee, the well-documented inventor of the World Wide Web, is also one of the pioneer voices in favour of net neutrality and has expressed the view that ISPs should supply “connectivity with no strings attached”.

Net neutrality contends that we should not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.

The GDPR contains a similar right, but here it is the right of the individual to control the way decisions are made based on their personal data, rather than the rights of the individual to access information, that sits at the heart of the problem.

The GDPR’s ‘Rights related to automated decision making including profiling’, which covers an individual’s rights not to have decisions made about them automatically – using AI or an automated procedure, is a difficult subject to have certainty on.

It clearly covers an automated decision about whether your mortgage or credit card application is accepted or rejected for instance. But the extent to which it covers automated decisions using marketing automation software is questionable and requires more research. However, because GDPR is complaint-driven regulation, it is worth considering – every e-marketing list has a pedant who may raise a complaint.

You should prepare your privacy and data handling procedures in advance of the introduction of the regulations, to ensure that any complaints can be dealt with in the easiest and least interruptive way possible. If the rights on automated decision making were as clear as Sir Tim Berners Lee’s thoughts on net neutrality, the future of marketing automation would be much clearer.

The impact of GDPR on PR

From a PR point of view, you should be aware that, even if a PR person only stores profiles on the journalists he or she works with, including background, contact details or preferences, for instance, the PR person must still be GDPR compliant.

This is because the GDPR is not a set of regulations for direct e-mail, it’s a set of regulations for storing data. Profiling is a method of data storage and is thus regulated.

You should ask your PR agency:

1, Do you build your own media lists or use a third party to create them?

2, If you create your own media lists, how do you build them? Has everybody on that list explicitly consented to be on it, either directly to you or to a third party?

3, Does everyone on that list have the chance to remove themselves from it? Is it as easy to remove themselves as it was to join the list?

4, Do you build any other kinds of lists? For instance, individuals at trade bodies or individuals with high levels of social media influence? Have these people consented to be on the list and can they remove themselves?

Asking the right question

I’m not a GDPR guru. However, as a PR consultant, I am part of the answer when my clients address their own GDPR questions. My goal in writing this article is to help my clients and the audience of Fourth Voice overall, begin asking the right questions when they address their PR and marketing campaigns through the lens of the GDPR. Instead of asking, ‘can I continue to send e-mails to my existing list?’, we should think like Gutenberg and ask does my content help liberate my audience? Then we will be asking the right questions.


Richard Stone

Richard Stone


Richard Stone, managing director of Stone Junction, the technical PR agency