
It seems like in every meeting I attend, or when I meet colleagues for coffee, everyone is talking about the same thing. Not chatting in a pleasant “Nice weather” sort of way but more of a “The world is going to end” sort of way. If I were to represent this as an image, it would be the iconic woman tied to a train track, with a train fast approaching. I’d make two minor alterations and that would be to affix a big board to the front of the train with the words “GDPR” written in large letters and swap the woman for the company’s servers!
Unless you have been hiding in a very deep hole for the past 12-24 months “GDPR” should be no stranger to you. In fact, you’ve probably already had many “The end of the world is nigh” conversations pertaining to GDPR.
GDPR, or the General Data Protection Regulation, is the EU bringing data privacy and safeguarding into the modern era. Just because I mentioned “…the EU” does not mean that if you’re located outside of the EU you can ignore the GDPR either. If you market to or hold data on any EU citizen then this set of regulations covers you as well. Doesn’t matter if you are in New York, Shanghai, or Australia. If you process or hold any personal data on any EU citizen then you need to be aware of the GDPR.
So that’s you pretty much strapped down to the rail tracks. Now, what makes the train’s impending arrival so scary (other than the fact that it’s a train bearing down on you!)? The GDPR sets out a list of regulations that anyone who handles or processes personal data needs to adhere to. Fail to adhere and the fines could be massive. There’s even nowhere to hide for service providers because if a client gives you the data and you process it, then you are as responsible as they are. That train has just become even more daunting.
And consider firstly, that “Personal Data” doesn’t have to mean my inside leg measurement, it means anything that identifies me. So, even my name or my IP address. Secondly, you have up to May 25th, 2018 to comply with these regulations.
In a nutshell, you must be 100% certain that permission to market to each individual in your database is clear and absolute for the purposes for which it was granted. So gone are all those “we will market to you tick boxes”. You also need to be able to provide audit data, provide data back to the individual, and remove them, if required, from all sources.
As an organization, XMPie is busy implementing a host of changes to comply with these regulations, internally as a company and externally as a technology provider.
There are also a few areas which can turn this into an opportunity as well. For one, Direct Mail is not included within the GDPR, so for regions that do not have additional regulations pertaining to that, sending print to recipients is still allowed.
What are you doing to prepare for the GDPR?
In our next blog post, we will explain how XMPie is preparing for GDPR by making changes to our software to ensure that our customers can easily be compliant with these regulations. We’ll also show you how the GDPR can be turned to your advantage as an XMPie user.