The Journalist July-August 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

As confusion continues over GDPR, Ruth Addicott looks at what the new regulations mean for journalists and the media industry as a whole

Business as usual?

I

f you’re confused about the General Data Protection Regulation (GDPR), it’s safe to say you’re not on your own. The European legislation, which came into effect on 25 May, has left MPs baffled, academics scratching

their heads and businesses frantically emailing asking if it’s ‘still OK to stay in touch’ (most of which was apparently unnecessary). Even restaurant critic and columnist for The Times Giles Coren took a break between meals to tweet: “Do all these GDPR opt-in emails mean that if I don’t respond (which I won’t), my inbox will revert to some prelapsarian happy space of personal communications intended only for me and with no intention to sell me anything at all?” So what does the GDPR mean for journalists and

journalism as a whole? Aimed primarily at giving people more control over how

companies use their personal data, the GDPR was brought in alongside the 2018 Data Protection Act to replace the UK’s 1998 Data Protection Act and the EU’s Data Protection Directive from 1995. But, with journalists exempt from most of it, how much difference is the GDPR likely to make to our everyday lives? Jon Baines, data protection adviser for law firm Mishcon de

Reya, says: “I don’t see things changing that much for journalists. It is effectively going to be business as normal. “We’ve had data protection law in the UK since 1984 and in its current iteration since 1998. The 1998 act had a carve-out broadly for journalism which says that if you are processing personal data with a view to publication and you reasonably believe that publication is in the public interest, then you are largely exempt from a lot of the data protection principles and that will apply under GDPR.” There are a few key principles, however, that journalists need to be aware of. One area where there is no exemption is data security.

Journalists are expected to have good measures in place with any storage medium such as external drives, USB sticks and SD cards, including those in phones, password protected at the very least.

Baines recommends journalists also get devices encrypted. That applies not just to reporters on undercover

10 | theJournalist

investigations involving public figures but also to local newspaper journalists writing about people living in the areas they cover, who also have an expectation of privacy. Potential fines for a data breach have increased substantially (up to €20 million or four per cent of annual turnover), which is something Baines also says journalists need to be aware of. While publishers cannot send a direct marketing email

without the consent of their readers unless there is an existing customer relationship, consent is not really an issue for journalists and doesn’t apply when emailing pitches or approaching contacts. “You wouldn’t be able to investigate individuals if you were reliant on their consent,” notes Baines. So will it mean fewer press releases from PRs? “As private individuals, I think we may see less spam but, in terms of journalists getting fewer press releases, I don’t think they should. If you’ve signed up or asked for them, then you’ve given your consent to be sent them.” Another area is the ‘right to data portability’

“ ”

You wouldn’t be able to investigate individuals if you were reliant on their consent

where individuals can obtain and reuse their personal data for other services. In theory, a reader can ask for all the information they have provided and their transactional history, which must then be provided within a month in an easily readable format. Alternatively, a journalist could file a ‘subject access request’ and find out what information their editor or colleagues have stored on them, including emails, performance reviews, job interviews, payroll records, absence records, disciplinary records, CCTV footage and recordings of phone calls to, from or about them. Although it was possible to obtain this information before, GDPR makes acccess easier and has cut the turnaround time from 40 days to 30. As for journalists being required to provide information to the subject of a story, an exemption applies. If, for example, an interviewee requested to see notes or a transcript before publication, a journalist would not be expected to provide it. One area that could pose a challenge is the ‘right to be

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28