GDPR and Printed Matter
We know GDPR (General Data Protection Regulation) is coming (May 2018). Many are working at getting ready whilst some haven’t even started, but either way, enforcement will start in May 2018.
Speaking with other people, the consensus is that they’ll pick a few companies that are violating the rules and make examples of them, to scare the many into acting or implementing, and probably keep this up till it just becomes standard practice and the software and systems used help ensure it works on autopilot in the future.
How Does This Affect Print?
Concern about the validity of any databases supplied for printing used to be the responsibility of the supplier of the data.
That’s changed: any company processing personal data (a printer, for instance) can now be fined under the same rules as the provider of the data (4% of Global Turnover or €20 million – whichever is greater).
Once a couple of processors or printers have been fined for using what is effectively illegal data, getting anything printed where the validity of the data cannot be verified against the new GDPR standards will prove ever more difficult.
Printers will be forced to implement auditing systems to ensure any personalised data being used has been acquired correctly.
Make Everyone in the Chain Responsible.
Smart move. Making any company involved with the data responsible for GDPR, and making the fines so large that most companies would go broke if they are caught violating the rules, means companies must ensure each company in the chain follows the rules.
The issue is not the printed matter itself, but how the data used to create it was acquired. There is another aspect to consider, though – especially if you do internal printing.
If a printer is connected to your internal systems and allows someone to send personalised data to the print machine, you need to ensure that your security measures also look at any vulnerability points. The Internet of Things means everything is becoming connected, which means the lines along which data can be sent can also be used to extract it, and internal printers store data about what they are printing.
What is Personalised Data – Simple Question, or is it?
The definition of personal data has now changed under the new GDPR to cover broader terms such as social, cultural and economic data.
For a quick reference on personal data with regard to data protection, you can start by reading or downloading this document.
If you need a more in-depth understanding, then look at or download this document, where it states that the Directive provides that “personal data shall mean any information relating to an identified or identifiable natural person …; an identifiable person is one who can be identified, directly or indirectly…”.
It’s important the person in charge of GDPR in your company knows this, so that they not only understand what it is, but also the respective directives on how the data can be used.
Inside or Outside the EU.
This regulation will apply to any company managing data, whether inside or outside the EU.
You’ll need to check that any company you use outside the EU to handle data, such as CRMs (Customer Relationship Management), is compliant. Use software based in the USA? You’ll need to ask questions.
Working toward compliance is the best option, no matter your viewpoint. With all parties being responsible, no-one will want to work with a company whose systems could destroy your company – it’s as simple as that.