Print.IT - issue 50

PRINT.IT 15 www.printitmag.co.uk COVER STORY What GDPR means for commercial printers Antony Paul, Neopost Head of Enterprise Marketing, points out that for commercial print providers, GDPR represents much more than just a strengthening of the Data Protection Act. It brings in the requirement for written contracts between data controllers and data processors (i.e. a print provider that processes PII, such as a name and address). “The ICO (The Information Commissioner’s Office) provides guidance on what contracts should cover, but essentially they are there to ensure that all parties understand their responsibilities and liabilities and to ensure that everything is documented. This could include details relating to the type of personal data being processed, why it is being processed and when the processing will be completed,” he said. In addition to the need for written contracts, data controllers must ensure that any data processor used can show that they, too, are compliant with GDPR. If they are not and there is a data breach, the controller, as well as the processor, could be liable for fines or other sanctions. A print provider that handles a client’s customer data (e.g. a mailing list) may also have to submit to an inspection or audit. “A further consideration for printers that sub-contract work, for example the mailing and insertion of catalogues and magazines, is the need to get the same guarantees from any supplier they use, along with a written contract and consent to the arrangement from the data controller,” explained Antony. As onerous as these requirements are, Antony is adamant that commercial printers should view GDPR as an opportunity to win additional business by helping customers with their compliance initiatives. “There are plenty of ways in which printers can use GDPR to their advantage,” he said. “The key is to understand what your customers’ concerns are and then identify how you can help. For example, you could make the most of your expertise in printed communications by helping them gain, renew and manage permissions and opt-ins through printed communications. This is not a one-off process and could be provided on an on-going basis. Now is also the perfect time to promote the benefits of direct mail. Already undergoing a resurgence due to the popularity of personalised communications, direct mail is viewed with less suspicion than some digital communications and is arguably easier to control.” Due to the nature of their business, commercial printers have expertise in many different areas, from printed communications to data management to document management. GDPR could be the catalyst they need to raise awareness of their capabilities and win more business as a result. developments in digital printing technology, including support for more substrates and easy personalisation, mean that organisations will increasingly be able to produce relevant targeted direct mail in-house. When delivered as part of an omni-channel marketing campaign that also includes digital elements, the speedy production and despatch of such material will be essential. And that requires in-house mail automation. Conclusion To date, much of the focus on GDPR has been on the technical aspects of compliance: finding out where personal data owned by a business is stored, ensuring that it is stored securely, establishing processes for dealing with requests from customers to discover what data a company has and how to cope with requests for deletion etc.. These are challenging IT issues that businesses will need to address. For obvious reasons, equal attention needs to be paid to customer communications and marketing, to ensure PII, such as names and addresses, are secure and accurate and that customers’ wishes are observed. Neopost provides a range of solutions that can help organisations achieve compliance with GDPR e.g. by using addressing software to maintain accurate, up-to-date personal data (a requirement under GDPR) or by using output management software to ensure mail is not sent to people who have opted out. Over and above that, these solutions help improve the efficiency, cost-effectiveness and targeting of postal communications, which helps build trust with customers. particular model of car, for example, the service can be used to send a personalised mailing, perhaps including a unique offer or incentive, to that individual within just 24 or 48 hours. Case studies show that programmatic mail can generate response rates of 10% or more and increase online sales conversion rates by 14%. While much direct marketing will be conducted by agencies, TheNeopost Guide to Managing GDPR SmartWays to Manage thenew GeneralData Protection Regulation Consent •Permissions •PersonalData •RightofAccess •Consent • Permissions •PersonalData •RightofAccess •Consent •Permissions • PersonalData •RightofAccess •Consent •Permissions •PersonalData • RightofAccess •Consent •Permissions •PersonalData •RightofAccess Consent •Permissions •PersonalData •RightofAccess •Consent • Permissions •PersonalData •RightofAccess •Consent •Permissions • PersonalData •RightofAccess •Consent •Permissions •PersonalData • RightofAccess •Consent •Permissions •PersonalData •RightofAccess Consent •Permissions •PersonalData •RightofAccess •Consent • Permissions •PersonalData •RightofAccess •Consent •Permissions • PersonalData •RightofAccess •Consent •Permissions •PersonalData • RightofAccess •Consent •Permissions •PersonalData •RightofAccess •Consent •Permissions •PersonalData •RightofAccess •Consent • Permissions •PersonalData •RightofAccess •Consent •Permissions • PersonalData •RightofAccess •Consent •Permissions • P R O C E S S C O N S E N T A M E N D M E N T C O M M U N I C A T I O N GDPR SMART 65% Recipient revisits each Item on average On average each item is passed to someone else... After 28 days... of mail is still live in household 4.2x 1.2x 27% 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 98 76543 2 1 Opening of all addressed mail To find out more or to download a copy of The Neopost Guide to Managing GDPR , please visit www.neopost. co.uk/ gdprguide