MediaHQ is the answer to all your compliance issues around GDPR. Here is a quick guide on what it is all about.

What does GDPR stand for?

The General Data Protection Regulation.

What is GDPR?

It is a regulation by which the European Parliament the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Who does it affect?

The GDPR applies to ‘controllers’ and ‘processors’ or in layman’s terms anyone who stores information about people.

When did it come into action?

The regulation came into full effect on the 25/5/18.


MediaHQ has you fully covered in this new GDPR era. Given the penalties, it is extremely important that you and your business make the suitable investments.

Whether it be from an educational or strategy perspective, you need to ensure you are abiding and being fully compliant under the law. We will answer some core components to the new GDPR regulation below.


Can you show where you got your data from and how you use it on an ongoing basis?

MediaHQ has a database of over 6,500 people working in the Irish media industry. This has been curated from information provided directly from media organisations or journalists themselves.

Our MediaHQ clients, including commercial, government, not for profit, and charity organisations, use our system to send press releases to these journalists. We tag journalists so that lists can be built and press releases sent to targeted sectors in the media. In terms of what data we collect, each media contact’s profile contains their professional work email address, work address and telephone number, a photo and a career description. Their LinkedIn and Twitter page may also be added to their profile.

In addition to having traceable permission for all the contacts on the MediaHQ system, we implemented a traceable opt-out function when GDPR came into affect on May 25th 2018. This allows you, in a simple way, to track and manage those journalists that don’t want to get press releases from you.

In 2017, we started preparing for the new regulations by adding GDPR permissions gathering functionality into the backend of our system. Our team of researchers input how they got the information and if there is ever a query from a journalist or client, we are able to check against this.


Can you show you had a valid reason for collecting this data?

As a media directory, we provide communication professionals with a system to issue press releases or pitch emails, which are a globally recognised format for communicating news and stories to the media.

We have a zero tolerance, one strike and you’re out, spam policy. Spam is anything that doesn’t fit the recognised format for receiving information from public relations professionals.

We also have a media lists hub feature that provides access to over 210 media lists that are tailored by topic to ensure journalists only receive relevant press releases.


Can you show how you are keeping your data up to date and not storing it past its ‘sell-by date’?

Because MediaHQ is the chosen tool for the distribution of press releases, for a very wide number of organisations, we get to see who’s moving in the media very quickly.

Our research team are constantly monitoring media movements and promptly updating profiles on our system. We have a special feature that allows clients to flag profiles or organisations if they think they need to be updated. We also check press releases to see if any email addresses are bouncing. We periodically carry out checks with media organisations to ensure everything listed is up to date.

Clients are also allowed to upload their own contacts to the system. It is a requirement of the client to ensure that these contacts are GDPR compliant. Our system will automatically delete any contacts that haven’t been used within a year.


Can you show how safely you are keeping your data?

All of our data is stored in managed virtual servers over a number of secure locations.

On an individual basis, only MediaHQ clients can access our media contacts database under a strictly controlled password. We have a very strict policy in cases where we believe this password has been breached. We immediately disable all access to the account and there are protocols for getting it reopened.

This ensures that if any issues arise, clients or journalists can come to us as a point of contact. When people request to be removed from the system, we delete their profile immediately and do not keep a record of their emails. We note their name, organisation and position so that they won’t be added to the system unless they request it.



Further information

MediaHQ is the answer to your compliance issues around GDPR. Here is a quick guide to as to what it is all about.

What does GDPR stand for?

The General Data Protection Regulation.

What is GDPR?

It is a regulation by which the European Parliament the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Who does it affect?

The GDPR applies to ‘controllers’ and ‘processors’ or in layman’s terms anyone who stores information about people.

When does it come into action?

The regulation comes into full effect on the 25/5/18.

For a more detailed look at the intricacies of GDPR, please continue your reading here:





Data Protection and GDPR Statement is both a processor and a controller of data.

Data Processor: When customers use the MediaHQ database to send press releases by adding contacts to media lists then’s research team research and validate these contacts (name, email, organisation, mobile, phone number, job title). In is also a Data Controller sourcing and updating personal data on journalists for use by our customers.

The purpose of Data Processing by is to provide customers with personal data on Journalists from Ireland and Northern Ireland so that targeted communications can be sent to them in line with the wishes of the data subjects- namely that they be sent targeted news relevant to their  so that they can perform their professional functions. The data processed from our customers is available for the exclusive use of our customers.

We comply with the following GDPR principles:

  1. Article 5(a): “processed lawfully, fairly and in a transparent manner in relation to individuals” will review all submissions made by customers to see if the contact is a current member of the media and to see what personal information is available about them online. We will also research publications and journalists independently of customer suggestions in order to expand our contact database. Only publicly verifiable information about the data subject will be used in database which is seen by all customers.

Note: our researchers always document the sources where information about the data subject was found online. This complies with article 9(2)(e) Conditions for special categories of data where – “Processing relates to personal data manifestly made public by the data subject” in order to establish consent and therefore the lawfulness of the processing. As the data collected is made publicly available by the data subject for the purpose of receiving news stories, and as the MediaHQ database is sold only to PR departments wanting to send news stories, complies with the conditions of lawfulness, fairness and transparency.


  1. Article 5(b) “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”’s database is built in order to provide our customers with an up to date database of journalists, and media outlets who are interested in receiving news and information from organisations.


  1. Article 5 (c) “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;” will only store information on data subjects which will assist and improve the above mentioned legitimate purpose. We do not store information (even if it is publicly available) which does not help with this purpose. We will (for example) provide information on the type of stories the data subject is interested in and the region in which they operate so that they will be able to receive targeted communications which are of interest to them.


  1. Article 5 (d) “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, are erased or rectified without delay;” monitors the social media accounts, publications and more of data subjects within the database. Where changes are made, our research team will review their data to make sure that they have not moved publications, changed subject areas, or moved out of journalism all together. also monitors email bounce backs and customer feedback with all issues being dealt with within 3 working days. In this way we ensure that data is kept up to date and relevant.


  1. Article 5 (e) “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed” Data subjects who no longer fit the criteria for inclusion in the MediaHQ Database, if they are no longer working in the media, are removed from the system. Once they are removed from the system an update will be posted to the Newsfeed to inform clients of this change.


  1. Article 5 (f) “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” This data is securely held and processed using methods outlined in related policy documents such as the Information Security Policy, with all the data residing in the EU region.
    1. Measures taken to protect data are documented in the Information Security Policy. make every effort to protect customer data from unlawful or unauthorised processing, accidental loss or damage.
    2. All staff have background checks to ensure their suitability to work with customer data and are only granted access when necessary to perform their tasks. All staff are made aware of their customer and data protection responsibilities and sign confidentiality agreements as part of their employment contracts. Regular training is provided to staff on the latest security issues and compliance requirements.
    3. All customer and journalist data is held securely in facilities which operate under ISO 9001 and ISO 27001 / 27018 standards. Regular audits and reviews are conducted to ensure the standards are maintained in all facilities utilised by
    4. If become aware of data breaches of personal data, we will notify MediaHQ users without delay. Where applicable will maintain logs and audit trails to support the remedial action required during a breach.
  2. Article 5(2) requires that: “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”’s researchers  comprehensively document where information on the data subject has been sourced. This proof can be requested by a customer or data subject at any time. In addition, have an appointed Data Protection Officer (DPO) to ensure ongoing compliance with GDPR. The role of the DPO is to inform and advise the controller or the processor and the employees who are processing personal data of their obligations pursuant to the regulations, to monitor compliance with the regulations and to provide any necessary staff training.