GDPR: EU's new data regs come into force

Today is the day that the EU’s General Data Protection Regulation (GDPR) rules come into effect, following their adoption by the European Parliament two years ago.

GDPR is the first major shake-up of personal data protection for almost two decades and increases the rights of individuals to control who holds information on them, what information is held and how it is used, as well as stiffening the penalties for breaches.

Brands that rely on personal data for marketing purposes must now be able to show 'legitimate interest' if they are to send out marketing communications without requiring consumers to 'opt in' in advance.

For BPIF chief executive Charles Jarrold, GDPR does not have to be an earth-shattering changeup for printers if they make sure to play along with the new rules.

"We have spent a lot of time on support, consultancy and workshops in the run up to this," he said. "The bottom line is that all print companies need to be clear on how and why they are retaining personal data. It is important to go through the process of demonstrating that and, if they do, the impact should not be significant.

"I think there has been some confusion, too, because there has been so much different advice flying around. We will continue our support process for members and the Information Commissioner's Office (ICO) website is also a useful resource for anyone who still isn't clear.

"These rules are somewhat open to interpretation and I believe that the ICO will not be heavy-handed in early cases of misinterpretation and instead guide companies towards getting it right. If that is not the case, we will support our members in discussions."

Postal direct marketing, however, does not require the opt in, something Judith Donovan, chair of the Strategic Mailing Partnership (SMP), sees as a golden opportunity for the direct mailing industry to lead the way in a new form of customer communication.

She said: "My members are quite excited. There was a time when we were worried about GDPR but it soon became clear that mail would be under legitimate interest and thus considered more valid under the law than e-communication.

"The long-term implication is that this recognition will lead to more direct mail and print jobs being produced. We do have to be careful to keep everything above board and stick to procedure, but I also see this as a shifting of the roles for mailers.

"We have a chance to become the heroes of this new form of data-based communication and lead the way among our digital and print colleagues. It also means we will likely have to be advisors for our clients who have perhaps not gotten up-to-scratch on the regulations in enough detail in enough time."

Patrick Headley, chief executive of direct mail specialist Go Inspire Group, has been preparing his staff for GDPR with seminars and training since the latter part of 2017 and said his company’s “proactive line” on the new regulations has left it in a good position as the rules take force today (25 May).

“I am cautiously positive about GDPR,” he said. “The essence of data laws has not changed massively, it is the fines that have risen and definitions have become clearer.

“We have seen a migration to direct mail over the last year as people realise once more that it is a penetrative channel and more rewarding than email in terms of response rates. I predict that brands who have been email-dependent will turn to direct mail in order to reach the clients they can no longer reach digitally.

“If that is the case, it will boost volumes for direct mail and commercial printers alike. I think there will be a shock among fans of e-communications as they realise how sparse their databases have become. I predict an outcry and an exploration of alternative methods.”

Headley was one of a number of printers concerned for brands they work with who have not made adequate moves to keep their customers in GDPR-compliant ways until the last minute, referring to the inundation of emails he has received this week from retailers and businesses requesting his consent to keep his details on their database.

Security printer Tall Group has been handling data for 30 years and has also taken a bird’s-eye view of the scramble to achieve compliance and also retain customer detail.

Managing director Peter Thomas said: “We have worked to be compliant with all data regulations – including ISO 27000 – for years and so this is nothing new for us. It was a case of housekeeping and taking a closer look at the data we hold to make sure it’s all in line.

“Tall Group is made up of three organisations and we had to think about not only our clients but the data of our personnel and put protocols in place to make sure our staff understand the obligations they must keep to with the new laws. It’s a case for us of making what we already had more robust.”