It’s time to get to grips with the General Data Protection Regulation

Canon EXPO 2015

Digital printing and data have always been a good fit. When the first digital presses appeared in the 1990s, the potential of using data to drive personalised print was a major benefit — the fabled “print run of one.”

Now such personalisation is at the heart of transactional and direct mail (TDM) printing, a growth sector that has evolved far beyond simple digital overprinting of names and addresses onto pre-printed templates. Today TDM companies are more likely to have ‘white paper’ workflows, which means printing an entire document — including graphics, billing data and personalised incentives — onto rolls or pallets of blank paper.

Some are taking things further, providing clients with data management and analysis. Amid all the talk of ‘Big Data’, it’s a logical step. IBM estimates that we create 2.5 quintillion bytes of data every day, and many businesses are simply overwhelmed by the sheer volume of data they have about their customers. They need help with such fundamentals as deciding not only which data is useful, but also which of the many communications channels at their disposal are most effective.

For PSPs constantly on the lookout for new, high-margin revenue streams, there are undoubtedly opportunities in taking responsibility for clients’ data. And you don’t have to be a large company to test the water in the TDM business, because a variety of variable data and data analysis tools are available. First, however, there’s another acronym you should be aware of — GDPR.

It stands for the General Data Protection Regulation, it’s a major item of European Union legislation, and it’s coming soon. It’s needed because the legislation governing this area dates from 1995, and a lot has changed in 20 years. In particular, developments such as hybrid cloud computing and social networks have had a huge impact on data storage and processing. Hence the pressing need to align data protection rules throughout the EU.

The GDPR will apply across all 28 EU member states and affect any business or organisation that gathers, stores or processes personal data about anyone’s private, professional or public life. And by ‘personal data’, we’re talking about anything from someone’s name and photo, through their social media posts, to their bank details. The costs of failing to comply have not yet been finalised, but they are likely to be severe; fines of up to €100 million or 5% of turnover have been mooted.

When will all this happen? The EU is expected to adopt the GDPR in May 2016, after which there will be a two-year transition before it comes into full force in 2018. As a regulation — not a directive — there will be no need for changes to national legislation and it will apply directly to every member state.

If you haven’t heard of the GDPR, don’t feel bad, because you’re far from alone. Recently file transfer specialist Ipswitch discovered that 52% of European IT professionals weren’t prepared for it. For PSPs working with data it’s concerning, because that 52% may include your clients.

So what can you do to prepare? First, find out all you can about the regulation. A good starting place is the data protection authority for your country. Next, nominate someone in the company to oversee compliance, because it’s likely the GDPR will mandate that organisations appoint a Data Protection Officer (DPO). In most cases the DPO can be an existing staff member with the right expertise; in larger organisations it could be a full-time role.

Their first job will be finding out how the GDPR applies to you, so that you can plan for compliance. Early on, check over your contracts with clients so that you know who is responsible for what, and be prepared to renegotiate. You should also be ready for greater scrutiny in the future, not just from national data protection authorities but from clients too, because when they get to grips with the GDPR they will want total confidence in whoever is handling their customers’ data. This will mean having sufficient data security measures in place, plus an up-to-date disaster recovery plan. You will also have to demonstrate that the business is financially secure.

Finally, don’t wait for clients to contact you. Being proactive will go a long way towards reassuring them and helping you win a share of the important TDM market.
