The New Normal for Data Privacy: Part 3 – XMPie Gets Ready for GDPRRISORSE

The New Normal for Data Privacy: Part 3 – XMPie Gets Ready for GDPR


At the end of last year, I began a series of three blog posts covering the EU’s new General Data Protection Regulations (GDPR) which are coming into force in May this year. In the first post, I covered what GDPR was, and how it needs to be looked at by anyone handling the personal data of an EU citizen, regardless of their location in the world. In the second post, I touched a bit more on how GDPR is affecting the actual products and services that XMPie offers. And here, in my third and final post on GDPR, I’m answering readers’ submitted questions about the GDPR and how XMPie will be addressing its challenges.


Deep down, and on a personal level, I would love this to be the end of all things GDPR, but I know that it is not! Over the past few months, I’ve had countless conversations with customers about GDPR, I’ve attended numerous internal conference calls covering GDPR and been exposed to technical slides with font sizes that need a magnifying glass to read through the technical specifications! Our GDPR activity has grown significantly and we are now preparing to roll our updates out.


GDPR is not going away anytime soon, and this, on the whole, is a good thing.  But I suspect that I will hear a collective and relieved ‘sigh’ when people return to their day jobs instead of doing GDPR preparation for what probably seems like a lifetime.


In my last post, I asked for your questions around GDPR.  Thanks very much to everyone who submitted questions.  These questions fell into three key areas that marketers are concerned about and I’ll cover them all below. A quick disclaimer, let me first state that this does not constitute any legal advice or direction.


How do you see GDPR affecting our industry?


GDPR has a lot of people worried, however, I like to try and take a more ‘Don’t Panic’ approach. GDPR is not there to stop people doing business, it is an attempt to stop the prolific capture, scraping and selling of lists by brokers, as well as introducing more responsibility and accountability to companies that handle personal data. This is all good stuff and should be looked upon as a positive move. Organizations will need to assess how they handle data, and I am talking specifically about printers and service providers here.


Yes, GPDR will influence the market.  Hopefully, customer trust will increase, and consumers will be more willing engage with marketing activities because they will have greater confidence that their data is being protected. We will see an increase in direct marketing this year as GDPR is focused on digital marketing touch points. This, in turn, will lead to an increase in QR Codes and AR to link print with digital and allow consumers to engage.


After GDPR, consent will need to be explicitly granted by a consumer if an organization is to legally market to them using digital channels.  The same is not true for direct mail which will be covered by the legitimate purpose clause simply because companies need to market their goods and services somehow.


What is XMPie doing to become GDPR compliant?


This was undeniably the most requested question – and something that I touched upon in my previous post. XMPie has been working hard to both identify areas of our software that need addressing, and to provide fixes for them.


Across our entire platform, we have introduced new features to assist our customers in complying with the regulations – all of which will be in place before the May deadline.


At the end of February, we will start to roll out these changes, initially to customers that request the GDPR updates. These updates cover changes to how uProduce, uStore, XES and Circle handle data. We will be introducing the option to automatically delete data in uProduce and uStore for example, as well as improving how proofs and other objects are deleted. Tools will be introduced so that our customers can seamlessly comply with a citizen’s request to be removed, or extracted.


We will also be providing a GDPR guidelines document for our customers which will explain how to work with XMPie’s systems in a compliant manner.


In addition, XMPie is hosting a webinar on Jan 30 (11am EST), to look at the opportunities that GDPR can bring, along with how XMPie is making sure that our software will help our customers to be totally compliant with the new regulations.


What should we be doing before GDPR comes in?


I personally think that the best thing any organization in this space can do, prior to the May deadline is… Don’t Panic! It’s easy to become like a rabbit caught up in the lights of a €20 Million fine, but that will not help you at all.


Clearly, everyone needs to become familiar with the GDPR. Understand how it affects you as an organization and how it affects your business, but do so in a pragmatic and realistic approach. GDPR is not there to stop businesses from marketing their products and services so in many ways it is business as normal.  The difference is a new emphasis on the data that you hold, and how you handle and use it. The focus here, for me, is about building consumer trust, which is where it always should always be.


Many marketers have an almost primeval desire to push as much marketing content as possible, but that is not the best approach. Now is the time to develop strategies and campaigns that absolutely deliver value and relevancy to consumers.


And while you’re considering strategy, make sure that you check ALL your systems and vendors and make sure that they are all compliant. As I’ve mentioned here, for the aspects that are handled by XMPie our customers can be assured that we are compliant, but don’t forget to assess the whole picture along every aspect of your workflow and ask your vendors the question “Are you compliant?”.


Is Direct Mail included in the GDPR?


In case you’re worried about the consequences of failing to comply with GDPR, direct mail is a fantastic opportunity.  Under the GDPR regulations, direct mail falls under the legitimate interest clause, and this allows companies to market their products and services. Use your printed piece as an engagement tool to drive consumers to a personalized site empathizing the value that you offer. Use that opportunity to seek explicit consent for any other purposes, like email marketing etc.


2018 offers a great opportunity for direct mail and with additional support for QR Codes within our smartphones I personally feel that we will see an increase in their use – not to direct consumers to a static webpage, but as way to take consumers from a printed piece to a dynamic site online where they can continue the conversation.


An Opportunity for Conversations


After all, we all enjoy conversations – but we dislike being spoken to about certain topics without our prior consent. GDPR, for me, is an ideal opportunity to focus on developing conversations – and luckily XMPie has all the tools to do this!