It seems like in every meeting I attend, or when I meet colleagues for coffee, everyone is talking about the same thing. Not chatting in a pleasant “Nice weather” sort of way but more of a “The world is going to end” sort of way. If I were to represent this as an image, it would be the iconic woman tied to a train track, with a train fast approaching. I’d make two minor alterations: affix a big board to the front of the train with “GDPR” written in large letters, and swap the woman for the company’s servers!
Unless you have been hiding in a very deep hole for the past 12-24 months, “GDPR” should be no stranger to you. In fact, you’ve probably already had many “The end of the world is nigh” conversations pertaining to GDPR.
GDPR, or the General Data Protection Regulation, is the EU bringing data privacy and safeguarding into the modern era. Just because I mentioned ‘…the EU’ does not mean that if you’re located outside of the EU you can ignore the GDPR either. If you market to or hold data on any EU citizen then this set of regulations covers you as well. Doesn’t matter if you are in New York, Shanghai, or Australia. If you process or hold any personal data on any EU citizen then you need to be aware of the GDPR.
So that’s you pretty much strapped down to the rail tracks. Now, what makes the train’s impending arrival so scary (other than the fact that it’s a train bearing down on you!)? The GDPR sets out a list of regulations that anyone who handles or processes personal data needs to adhere to. Fail to adhere and the fines could be massive. There’s even nowhere to hide for service providers because if a client gives you the data and you process it, then you are as responsible as they are. That train has just become even more daunting.
And consider, firstly, that ‘Personal Data’ doesn’t have to mean my inside leg measurement; it means anything that identifies me. So, even my name or my IP address. Secondly, you have up to May 25th, 2018 to comply with these regulations.
In a nutshell, you must be 100% certain that permission to market to each individual in your database is clear and absolute for the purposes for which it was granted. So gone are all those “we will market to you” tick boxes. You also need to be able to provide audit data, provide data back to the individual, and remove them, if required, from all sources.
As an organization, XMPie is busy implementing a host of changes to comply with these regulations, internally as a company and externally as a technology provider.
There are also a few areas which can turn this into an opportunity as well. For one, Direct Mail is not included within the GDPR, so for regions that do not have additional regulations pertaining to that, sending print to recipients is still allowed.
What are you doing to prepare for the GDPR?
In our next blog post, we will explain how XMPie is preparing for GDPR by making changes to our software to ensure that our customers can easily be compliant with these regulations. We’ll also show you how the GDPR can be turned to your advantage as an XMPie user.