European Headlines: Keeping Up with the Data
Europe’s GDPR Impacts All Businesses Conducting Business in Europe No Matter Where They Call Home
May 25, 2018″”D-Day for data protection. Or so it felt. In reality, this day only marked the start of the enforcement of the General Data Protection Regulation, better known as GDPR.
Twenty-eight European countries had agreed many years ago to better protect the data of their people, more specifically, giving individuals the right to know where their data is being held, how and what it is being used for, and above all, that it is well protected against data loss, unwanted sharing, and criminal activities.
The regulations were published, discussed, and shared again far and wide with a pinch of panic in 2017, and then suddenly on May 25, 2018, all businesses were required to adhere to the new laws. By the way, all means all, as in no matter where companies reside if they do business in Europe.
Hastily, emails were sent to everyone to make sure everybody had their contacts’ permission to continue sending them automated messages. But contacting someone, either in a B2C or B2B relationship, even a cold contact, is only one aspect of GDPR.
Beware of the Aftermath
Another element of GDPR with a much more expensive consequence is data protection. We all have tons of data, some better structured and protected, others less. Most of it, however, like quotes, invoices, purchase orders, and delivery notes, for example, include personal data on a B2C and B2B level. Under GDPR, any data that allows one to personally identify someone needs to be protected. As a result, even owners of the smallest businesses started to panic. GDPR requires reporting of any kind and size of a data breach. Whoever fails to report a data breach faces fines from 2% up to 4% of a company’s global revenue, depending on the severity of the breach. The rules are simple: You fail to notice, you pay; you fail to report, you pay more; you try and hide it, you pay even more; and you end up on the internet wall of GDPR shame. The lesson (or warning): Don’t ignore data security. (The biggest fine to date: Google, $57 Million, January 21, 2019).
Don’t think this is only about digital information. The same rules apply to paper files.
If you’re in the office imaging industry, you may think you’ve ticked all the boxes and have a data manager who is on top of security.
If you’re involved with transactional printing, you’re probably still struggling with GDPR, or rather your customers. Personalized communication is easy when you already have a written consent somewhere allowing you to send information to a specific contact. Invoices, statements, order confirmations, insurance documents, travel itineraries, health statements, pension scheme details, catalogs, you name it. But how do you go on about purchasing a database for a cold mass-mailing and multichannel delivery? Hopefully, whoever collected the data made sure he had everyone tick the box that their data can be used for such purposes. If not, look at what happened to Facebook and Cambridge Analytica. Things can quickly turn into a legal and financial mess. I hear your argument: I’m only executing. But to what extent were you part of sourcing the contact details, or deciding what details to use? Make sure you know what you’re doing.
A Cure for the Data Privacy/Protection panic?
Do we need better technology? Like blockchain or something similar for everything? Do we have to ramp up security for online and offline filing? Or do we need to take the whole topic even more seriously, showing more respect for the individual and their data? Or are we overthinking it, and like some analysts predict, in the future, nobody will really care about data protection and privacy because sharing everything with everyone is the new normal?
I don’t have an answer. But personally, I lean toward more respect. Respect never hurt and can only accelerate us both as human beings and successful business people.
Please visit The Cannata Report for more on the printing and office imaging industry.