GDPR is the biggest change to data protection law for over 20 years. Pollards are here to help you
prepare for those changes.
GDPR stands for General Data Protection Regulation. It is the
EU’s legal framework that sets guidelines for the collection
and processing of personal information of individuals.
The legislation comes into effect on 25th May 2018.
GDPR is intended to give the public greater control over how their data is used. It
introduces tougher fines for non-compliance and data breaches, and
gives people more say over what companies can do with their data.
The EU’s aim is to give businesses a simpler, clearer legal environment
in which to operate.
GDPR will apply to any organisation irrespective of size which processes and holds the personal data of people residing
in the EU. The new legislation applies to both data “controllers” and “processors”.
Controllers are organisations who collect the data and specify how it is used
and processed. Typically, this would be a business or charity with
databases of customers and supporters.
Pollards are a processor, as we print and mail on behalf of our customers
(controllers). We have put into place strict processes for the control
and management of data.
GDPR applies in particular to any data that can be used to identify a particular individual,
including name, ID number, location data or computer IP address.
Importantly, any organisation storing personal details needs to review how it is going to store that information securely.
As a business owner, you need to review your data collection
policies to make sure that they comply with the new regulations.
If you don’t, you could be hit with a fine of up to
€20 million or 4% of your annual turnover.
The ICO has decreed that companies can continue to use
print and mail without explicit permission from customers.
However, companies must comply with Data Protection Act
regulations and run the data past the Mailing Preference Service
database to remove all people who do not want to receive
mailings. (For further information visit the ICO website.)
Companies undertaking email and e-commerce campaigns will have to
gain the consent of the customer. Under GDPR regulations, companies
can only process and store customers’ data legally under the following
To gain consent from customers, they must be given a clear
understanding of how their data will be used and be asked to opt in.
Forms must be clear and easy to understand, with no pre-ticked boxes
and with the opt-out box kept away from other small print.
Email campaigns have become increasingly less effective as customers have become over-exposed to mass-market
campaigns. The introduction of GDPR will make this type of e-commerce even less effective, as many customers, tired of
the volume of emails they receive, will not give their consent.
It is predicted that Direct Mail will become increasingly
more effective as long as it is managed effectively by
GDPR-compliant suppliers, according to the following:
- Customers must be given the option to withdraw from future mailings.
- All databases must be cleaned according to GDPR regulations, run via MPS (Mailing Preference Service) and all people who
do not want to be mailed removed.
- Mailing service providers must be GDPR-compliant, with strict and robust processing in place for the secure handling of data
at every stage.
An alternative to personalised mailings is door drop
campaigns. The Royal Mail provides a service of targeting
customers by postcodes, cross referenced by numerous
factors such as house type and average income.
Leaflets and mail pieces can be delivered to targeted
postcode areas along with general mail.
Pollards has taken its duty as a Data Processor and Data Controller very seriously and has invested a great deal of time
and money updating our systems and processes for data management and security. We are able to provide a totally
secure data management system:
- Secure receipt of data with an exclusive upload portal
- Secure encrypted storage, processing and management of data
- Secure proofing via a tailor-made online proofing platform
- Supply of mailing report once the job has been completed
- Secure removal of mailing data once job has been invoiced
Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against
common online threats. It focuses on key controls to help protect data and reduce the risk of cyber-attack.
Pollards has chosen to adopt the Information Assurance for Small Medium Enterprise (IASME) standard. IASME is one of
five companies which have the right to act as an Accreditation Body for the Cyber Essentials scheme. It has been recognised as
the best cyber security standard for small companies by the UK Government. Under the scheme, organisations are audited
for key controls such as physical security, data management, staff awareness and document policies. These controls were
identified by the government as the best way to prevent cyber-attacks on organisations.
The regulations for data controllers need to be reviewed against each individual organisation’s circumstances and we would
recommend that you follow the link below to the ICO website. Here, you will find all the latest information to help you
ensure your processes for controlling data are compliant with the latest legislation and that you gain the correct consent
from customers or supporters.