Expert Article by Matthew Parker, Profitable Print Relationships
Isn’t data regulation something for your customers to sort out?
The traditional role of the print industry has been to process data. The customer supplies data. They make sure it is all correct and complies with all legal requirements. All a printing company has to do is print and mail that data. Their job is simply to process the customer’s information.
However, the data landscape is now changing. In manufacturing terms, a printing company or mailing house is still a processor. But, with the forthcoming introduction of GDPR, data legislation now applies to processors as well.
What is GDPR?
The General Data Protection Regulation is a set of regulations that cover how companies and organisations throughout the EU capture, process and hold personal information. It I scheduled to come into force on May 25th 2018.
It is important to note that, after Brexit, the UK will adopt a very similar set of legislation. In addition, the regulations apply to the country of receipt. So, if you deal with any marketing that goes to EU countries you will still have to be fully GDPR compliant.
Why is GDPR a game-changer for printing companies and mailing houses?
Traditionally, data laws have applied to whoever supplies the data: the data controller. However, GDPR will apply to data processors (i.e. printing companies and mailing houses) as well as data controllers.
In simple terms, if there’s a problem with your customer’s data, you could also be liable for a fine. That fine can be as much as 4% of your global turnover. So it’s vital to be ready for May 25th next year.
Here are some of the key elements of GDPR:
– All B2C communication must have an opt-in, even for direct mail. Silence does not equal opt in.
– If your marketing is aimed at children under the age of 16, you must gain parental consent to process their child’s data.
– The traditional definition of personal data has changed. It is now much broader and includes factors such as social, cultural and economic data.
– The regulations apply to all companies managing the data, even if they are based outside the EU.
– There is a higher level of requirement to report data breaches.
What should a printing company do now?
– Firstly, appoint someone to manage getting ready for GDPR. This won’t be a full-time role. However, this change does require some project management. Make sure that they report to an appropriate level in your company and that everyone knows the importance of the new legislation.
– Next, make sure that you are aware of all the details of the new rules. A good place to start is the Information Commissioner’s Office, which has regular updates, blogs and action checklists. Note that the final guidelines have yet to be agreed and this won’t take place until December. However, it is worth preparing now using the draft guidelines provided by the ICO.
– Thirdly, create an action list of areas that your company will need to review. The next section of this article contains some specific printing industry action points.
Here are some specific issues that a printing company should look at:
– Be prepared to audit your customers’ data and data collection processes. You should create a specific process to make sure that your customers comply with GDPR as you now also have responsibility for this.
– Review any multi-channel campaign designs that you create. Will you need to add additional opt-ins?
– Review contracts with your customers. You may need to add additional clauses to deal with the implications of GDPR. You will certainly need to define data responsibilities more clearly.
– Review where your data is held. If you use off-site or cloud storage, your suppliers will need to be GDPR compliant. Overseas suppliers will need to be aware of GDPR.
– Review your own data security. You may wish to consider working towards implementing ISO27001, the international information security standard.
Time is running out!
According to Printweek and the DMA, only 54% of businesses are on track to be ready for GDPR implementation. 24% of businesses do not even have a plan yet! Remember, you cannot afford to be one of the 24%.
GDPR will be introduced on 25th May 2018. Make sure you are ready for it.
Founded in 2009, Parcelhub is a privately owned and operated provider of tailored fulfilment and distribution solutions. Growing 40% in financial year 2016/17, Parcelhub is experienced dealing with multichannel retailers, global brands, printers, publishers and agencies worldwide.
Parcelhub’s dedicated account management team has a wealth of experience dealing with a broad range of complex fulfilment projects. Solutions include eCommerce shipping and fulfilment, printed matter fulfilment, picking and packing.
Parcelhub distributes over 6 million parcels annually via a carefully selected range of carrier partners.