After GDPR, contact database companies have adjusted the way they go about adding and updating contacts located in the EU in order to comply with the new rules in place. While every company may interpret these rules differently, we believe we have come up with a system that
best respects the contact's privacy while maintaining our media contacts database.

This should answer most of the questions you may have!

What is GDPR?

The General Data Protection Regulation (GDPR) is a European data protection law that has been laterally enacted by all EU member states and additional signatories such as the UK. You can think of GDPR as "one ring to rule them all" solution instead of 28 national laws on the same subject.

It replaced the Data Protection Directive and be directly applicable to all EU member states. In contrast to the Directive, the GDPR will also apply to all non-EU companies who handle personal data of EU residents.

What does personal data mean and why is this important to GDPR?

Protection of privacy is a fundamental right in Europe, but the way we share our private personal data has changed significantly in the last 50 years. Our personal data is more and more in digital form and can be shared easily with a large number of people. Just think about the data you share with the social media platforms. Therefore the EU commission has updated the existing 20 years old Directive and created the GDPR which includes the processing of various types of personal data in digital form.

Personal data is all physical or digital data that can be used to identify a natural person, for example, name, address, email, phone number, IP address, and picture. Not all of the above fill the requirements for personal data by themselves but when combined with other data you are able to identify the individual.

Some types of personal data are more sensitive than others and require stronger safety measures during processing. For example, the religious beliefs or ethnic origin of a data subject is considered sensitive data. Meltwater does not collect such data from clients.

What personal data is needed for Meltwater's services?

All personal data we collect from you or your business is collected by your Account Manager. In most cases, this includes your name and email address, which we need in order to set up the account. On top of this, we usually store your phone number.

What is important to understand is that Meltwater does not become the controller, i.e. the owner, of personal data that we use to create and update account credentials, we simply process it to fulfil our obligations set out in your contract.

What about Media Contacts and the Journalist details?

Various departments have made the necessary updates to our systems to ensure our journalist database is GDPR compliance. This is because we are the controller of the journalist database and as such fully responsible for the processing of the personal data of the journalists we have in our database.

We have the required opt-in, unsubscribe and opt-out processes in place and the database team has done a valuable job increasing the value the journalists get for being in our database.

If you import any lists or your own contacts to the service, you will remain the controller of the imported personal data and are responsible for its proper storage and use.

Meltwater's process of updating and adding the journalist's details to the database are as follows:

Where is the personal data stored?

All data, as well as personal data related to the Meltwater platform, is stored in the European Economic Area, the EEA, which includes the member states of the EU as well as Norway, Lichtenstein, and Iceland.

All data of the Engage service provided by our partner Sprout is stored in the United States. The transfer outside the EEA is allowed since Sprout is a participant in the Privacy Shield framework between US and EU/Switzerland.

Our partner Klear stores the Social Influencers data in Ireland.

We process personal data in order to provide our services to you and believe that it is our legitimate interest to do so. Before we entered the era of GDPR, collection and processing of all journalist data has been based on this legitimate interest.

Since April 12th 2018 (for German contacts since April 1st 2017) we transferred from legitimate interest to consent while processing European journalist data.

All European journalists added post this date have given us their consent. All updates to European journalist profiles that have been added prior to this date, will only be done with the consent of the journalist.

This process has been developed in collaboration with the Berlin Data Protection Authority.

Based on the communications from the Berlin DPA and our understanding, we do not have to collect retroactive consent for journalist profiles, that we have had prior to the above mentioned dates and which we do not update.

We created a website to collect consent from journalists:

By creating a profile, journalists give consent that we use and share their data with our customers for PR communication. They also accept, that we track if they open or read their emails, to optimize the communication they receive.

The profile gives journalists full control about their data and the type of communication they receive. They can unsubscribe from or subscribe to specific customers through their profile and link to their articles.

As of August 1, 2020 we no longer track email open rates for most journalists in Germany through our Journalists product. Historical email open rates have been removed as well. We made this decision in order to better respect the privacy of journalists and to remain GDPR compliant. While journalists located outside of Germany are not currently affected, this is subject to change in the future.

If a EU contact is requested to be added or updated, our Media Research team will contact the journalists and ask them to sign up or claim their profile via Our experience is, that these requests are more successful, if we can reference the customer (in particular, if the customer has an existing relationship with the journalist, opt-in rate are much higher).

The Media Research team alway seeks consent form the customer, before naming them in the journalist communication. (Reference example:. "There's been some interest from our clients to reach out and pitch you a story. With the recent GDPR changes, we want to give you complete control over who reaches out to you and how. If you’d like to start receiving pitches from Meltwater customers such as [X, Y, and Z] create your Meltwater profile.")

If we are not able to reference a customer, the team send out a general request (e.g. "There's been some interest from our clients to reach out and pitch you a story. With the recent GDPR changes, we want to give you complete control over who reaches out to you and how")

Does Meltwater follow up with journalists that are unresponsive?

Yes. If a journalist does not respond to our request, we send them a follow up email after 7 days. If we do not hear back from them at all, we will deactivate profiles that would be out of date without the update.

Can I email public EU contacts without any issues?

We believe the described process provides the legal ground to process this data. Should you receive any complaint or question from a journalist, you should refer to us. Meltwater as the data controller will be responsible to resolve these issues.

For private contacts, Meltwater is only the data processor. Your business is the data controller and responsible for collecting consent/ensuring they have legal ground to use the contact’s information.

This applies to all private contacts, also contacts that were exported from public contacts and (re-)imported as private contacts!

How should I handle complaints from public journalists?

You should inform the journalist that Meltwater is the data controller and that you used our database for the outreach. The contact email that you can share is

We will get in contact with the journalist and resolve the issue.

Can I use public EU contacts after exporting?

Meltwater’s legal grounds only apply to your business when using media lists within our platform. By exporting public contacts, you become the Data Controller of the EU personal data and are responsible for the legal grounds to use such data.

This message will appear when you export media lists.

💡 Tip

Need more help? Feel free to reach out to us via Live Chat or check out our Customer Community.

Find answers and get help from Meltwater Support and Community Experts.

Did this answer your question?