GDPR


GDPR is the biggest change to data protection law for over 20 years. Pollards are here to help you prepare for those changes.
GDPR stands for General Data Protection Regulation. It is the EU’s legal framework that sets guidelines for the collection and processing of personal information of individuals.
The legislation comes into effect on 25th May 2018.
Its purpose is to give the public greater control over how their data is used. It introduces tougher fines for non-compliance and data breaches, and gives people more say over what companies can do with their data. The EU’s aim is to give businesses a simpler, clearer legal environment in which to operate.
GDPR will apply to any organisation irrespective of size which processes and holds the personal data of people residing in the EU. The new legislation applies to both data “controllers” and “processors”.

CONTROLLERS

...are organisations who collect the data and specify how it is used and processed. Typically, this would be a business or charity with databases of customers and supporters.

PROCESSORS

Pollards are a processor, as we print and mail on behalf of our customers (controllers). We have put into place strict processes for the control and management of data.
In particular, this applies to any data that can be used to identify a particular individual, including name, ID number, location data, or computer IP address.

WHAT RIGHTS DOES THE NEW LEGISLATION GIVE THE INDIVIDUAL?

THE RIGHT TO BE INFORMED

THE RIGHT OF ACCESS

THE RIGHT TO RECTIFICATION

THE RIGHT TO ERASE

THE RIGHT TO RESTRICT PROCESSING

THE RIGHT TO DATA PORTABILITY

THE RIGHT TO OBJECT

RIGHTS IN RELATION TO AUTOMATED DECISION MAKING & PROFILING

Importantly, any organisation storing personal details needs to review how it is going to store that information securely.

As a business owner, you need to review your data collection policies to make sure that they comply with the new regulations. If you don’t, you could be hit with a fine of up to €20 million or 4% of your annual turnover.
The ICO has decreed that companies can continue to use print and mail without explicit permission from customers. However, companies must comply with Data Protection Act regulations and run the data past the Mailing Preference Service database to remove all people who do not want to receive mailings. (For further information, visit the ICO website.)
Companies undertaking email and e-commerce campaigns will have to gain the consent of the customer. Under GDPR regulations, companies can only process and store customers’ data legally under the following circumstances:

CONSENT

VITAL INTEREST

PUBLIC TASK

LEGITIMATE INTEREST

CONTRACT

LEGAL OBLIGATION

To gain consent from customers, they must be given a clear understanding of how their data will be used and be asked to opt in. Forms must be clear and easy to understand, with no pre-ticked boxes and with the opt-out box kept away from other small print.

CHANGES TO MARKETING

Email campaigns have become increasingly less effective as customers have become over-exposed to mass market campaigns. The introduction of GDPR will make this type of e-commerce even less effective, as many customers, tired of the volume of emails they receive, will not give their consent.

DIRECT MAIL

It is predicted that Direct Mail will become increasingly more effective, as long as it is managed effectively by GDPR compliant suppliers in accordance with the following new legislation:

  • Customers must be given the option to withdraw from future mailings.
  • All databases must be cleaned according to GDPR regulations, run via MPS (Mailing Preference Service) and all people who do not want to be mailed removed.
  • Mailing service providers must be GDPR compliant with strict and robust processing in place for the secure handling of data at every stage.

DOOR DROPS

Door drop campaigns are an alternative to personalised mailings. The Royal Mail provides a service of targeting customers by postcodes, cross-referenced by numerous factors such as house type and average income.

Leaflets and mail pieces can be delivered to targeted postcode areas along with general mail.

WHAT HAS POLLARDS DONE?

Pollards has taken its duty as a Data Processor and Data Controller very seriously and has invested a great deal of time and money updating our systems and processes for data management and security. We are able to provide a totally secure data management system:

  • Secure receipt of data with an exclusive upload portal
  • Secure encrypted storage, processing and management of data
  • Secure proofing via a tailor made online proofing platform
  • Supply of mailing report once the job has been completed
  • Secure removal of mailing data once job has been invoiced

CYBER ESSENTIALS SCHEME: OVERVIEW

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. It focuses on key controls to help protect data and reduce the risk of cyber-attack.

IASME

Pollards has chosen to adopt the Information Assurance for Small Medium Enterprise (IASME) standard. IASME is one of five companies which have the right to act as an Accreditation Body for the Cyber Essentials scheme. It has been recognised as the best cyber security standard for small companies by the UK Government. Under the scheme, organisations are audited for key controls such as physical security, data management, staff awareness and document policies. These controls were identified by the government as the best way to prevent cyber-attacks on organisations.

WHAT DO YOU NEED TO DO?

The regulations for data controllers need to be reviewed against each individual organisation’s circumstances, and we would recommend that you follow the link below to the ICO website. There, you will find all the latest information to help you ensure your processes for controlling data are compliant with the latest legislation and that you gain the correct consent from customers or supporters.

https://ico.org.uk/

USEFUL DOCUMENTS