The New Normal for Data Privacy: Part 2 – How We Are Ensuring Compliance with GDPR


In my last blog post, I spoke about what GDPR was and how it will affect anyone who is handling or processing any data relating to EU Citizens. Naturally, this kind of legislation prompts many new challenges for vendors to address and XMPie is no different. XMPie products allow for the storage and processing of customer data, so we’ll need to make changes to how our products and services operate to help our customers be compliant with the new law.


Over the past few months, we have been identifying the areas within both our software and our services that will be affected and we are committed to ensuring compliance in accordance with the GDPR before the legislation comes into force in May 2018.


I have found GDPR to be a really interesting exercise for XMPie, although I am not sure that my colleagues in R&D will agree with me! Simple clauses like a Consumer’s Right to Erasure could cause ripple effects throughout the platform. A consumer’s data could exist within a single print piece or across an entire journey of touchpoints, so identifying and deleting it is not a simple process. And what if that consumer also exists within a purchase campaign on a uStore site? The problem is that we need to identify an individual, not just by RecipientID, and then delete that data or pull all of the recipient’s information, including tracking data.


XMPie’s solutions will be compliant when we act directly as the Data Processor, and we will also identify and make clear those areas that are out-of-scope and which will remain the responsibility of the Data Controllers directly. Thus, both the Data Controllers and the Data Processors will have the tools to comply with the regulation.


In relation to XMPie as the Data Processor, we are working towards three things:

  • A utility or patch inside PersonalEffect’s uProduce that will allow compliance with certain areas of the GDPR regulation.
  • A software patch for uStore 9 (and above) to bring our eCommerce platform into compliance.
  • New versions of Circle, XMPie Email Services and our cloud-based services.


In addition to these fixes, XMPie will be providing a “GDPR guideline” document for our customers which will include advice about those areas that are out-of-scope for XMPie and will remain the Data Controller’s direct responsibility. The document will explain how to work with XMPie’s systems in a compliant manner. Key points such as not using personal information within Personal URLs (PURLs) will be covered in this document!


So, my question to everyone reading this is: “What is your burning GDPR-related question related to VDP, Cross Media or Web-to-Print?”.


I’m building my own list of questions and would love to see what yours are – maybe there are some that we already have answers for, and maybe some actually offer up business opportunities! Please use the ‘Got Questions? Just Ask.’ contact form below to submit your question. I’ll compile the answers for the final instalment of this series.