The European General Data Protection Regulation (GDPR) is on its way! Here’s everything you need to know!
After years of attracting worldwide speculation and debate, the General Data Protection Regulation (GDPR), is virtually upon us.
This time next year, the legislation will be in effect – starting from May 2018. But what does it mean for businesses and how will it impact the professional printing industry?
Keep reading to find out!
Q: Hasn’t the GDPR already been implemented?
A: Yes – It came into force in May 2016, but it’s not going to be ‘officially’ enforced until May 25 next year.
Q: What’s with the delay?
A: It’s a two-year introductory period. Its purpose is to give businesses the chance to get their data sorted for the official arrival of the GDPR.
Q: Who’s behind it?
A: The European Union (EU). They first proposed it back in January 2012.
Q: What’s going to happen to The Data Protection Act 1998?
A: It’ll be effectively replaced by the GDPR.
Q: Does it only apply to certain businesses?
A: The GDPR relates to all organisations that handle EU citizens’ data. So, if you collect, store and process people’s personal data, then it applies to you.
Q: Why’s the GDPR being introduced?
A: There are so many businesses and services operating across borders that the EU wants to create international consistency around data protection laws and rights for both businesses and citizens. The new regulation also focuses on the need for transparency. It also means individuals have the right to and must be given, clear guidance on how their information and details are going to be used by companies.
Q: What do these tougher rules involve?
A: At the moment, when it comes to digital campaigns, companies have to ask people if they’d like to opt-out of receiving communications from them. However, under the GDPR, they’ll have to ask them to opt-in instead. This is already the case for postal marketing campaigns, but having the same stricter rules apply to digital campaigns will make multi-media campaigns more of a challenge for printers and other businesses to deliver. Companies will also have to make sure they’re more transparent about what they plan to do with people’s details and won’t be able to assume that silence means they’ve got permission to use their information.
Q: Will there be special protections in place too?
A: Yes. Children’s data, as well as data on health, sexuality and ethnicity, will become much more difficult for marketers to obtain, as they’ll be classed as special GDPR categories. Explicit consent will, therefore, need to be obtained to access these details.
Q: What are the implications of not complying with the GDPR.
A: Hefty. The GDPR will enforce huge new fines of up to €20m or 4% of a company’s annual turnover for data breaches.
Q: What sort of impact is the GDPR going to have on the printing industry?
A: The industry’s not going to be directly impacted by the GDPR. Having said this, it’s best practice for print companies to review their current data protection processes ahead of its implementation. Instead, it’s likely the industry will be indirectly impacted by others having to follow new restrictions, such as the new rules aimed at making it tougher for marketers to gain access to personal data.
Q: What should people be looking for from their Printer once the GDPR hits?
A: At the very least, printers will need procedures in place that are robust enough to challenge their customers to verify if their data has been appropriately sourced. Don’t be surprised if your print company carries our random data spot checks to ensure the GDPR is being followed. Why? Because they have direct legal responsibilities. If they’re found to be using data that hasn’t been verified, they could also fall foul of the GDPR too.
Q: How Does GDPR Apply to Companies outside the EU?
A: The main purpose of GDPR is to give EU citizens greater control over how their personal data. This includes how it is collected, protected and used. While the legislation applies to EU companies, it also applies to any company that chooses to do business in the EU. That includes any online business that owns a website that is accessible by EU citizens or if that website collects user data. Since the definition of personal information has also been expanded to include online identifiers such as cookies, GDPR has implications for huge numbers of U.S businesses. To continue to do business in the EU, most companies will have to implement additional privacy protections and end-to-end data protection strategies.
So, there you have it. An overview of what the GDPR means and how it’s going to shape the future of the professional printing industry.
Central Mailing Services is an accredited ISO 27001 mailing house for data protection.
Need a mailing? Contact Central Mailing Services Via email at email@example.com
Alternatively, call us on 0800 699 0501.