40 years of European data protection: What does this mean for press relations and home offices?

Whether in relation to home office or social apps such as Clubhouse, debates about the protection of personal data, probably one of the most important topics of the digital age, are sparked time and again. After all, who wants their most private information or passwords to be accessible to third parties without protection?

Exactly 40 years ago, on January 28, 1981, the European Council signed the Data Protection Convention 108 "for the protection of individuals with regard to automatic processing of personal data". This convention was the first legally binding treaty for the protection of personal data and serves as a model for a large number of data protection regulations. 

Since 2007, European Data Protection Day has been celebrated annually on January 28 to raise citizens' awareness of how they handle their own data. The basic idea behind data protection is that everyone should have the right to decide for themselves which persons or institutions have access to which personal data and at what time. Digitization has increased international data transfers and the quality of data collection, making data protection even more important. In response to these developments, the General Data Protection Regulation (GDPR) came into force in May 2018.

Data protection in press relations

The GDPR imposes new information obligations on all those who collect or process personal data. Since the regulations came into force, users must actively consent to the collection and processing of their data. For the PR industry, these regulations have significant consequences, because press work depends on regularly contacting people with whom there is no personal acquaintance: Journalists. 

By law, press releases containing product advertisements may now only be sent with the consent of the recipients. However, a decisive exception applies, namely if either the recipient or the sender of the information has a legitimate interest in receiving or sending the information. Qualitative press work that provides journalists with high-quality information is therefore not endangered by the new data protection regulation. Nevertheless, secure and centralized storage of press and media distribution lists is highly relevant in order to protect personal data.

Data privacy in the home office

Even in the home office, there are a number of aspects to consider with regard to data privacy that were initially often forgotten due to rapid conversions from office to home office work in the wake of the Corona pandemic lockdowns. 

For example, an official home office agreement between employer and employee is helpful in addressing data privacy in the home office. It specifies which guidelines and security measures must be observed. It is also important that private and professional data are kept strictly separate. 

If a private device is used for work in the home office, a secure VPN connection to the company server must be ensured and personal data must only be stored locally with encryption. Employees in the home office must ensure that no unauthorized persons can gain access to company data. This includes not keeping work-related documents freely accessible and not sharing passwords. If these guidelines are implemented, nothing stands in the way of secure and data-protection-compliant work in the home office.