The General Data Protection Regulation (GDPR) will come into effect in May this year.
Once effective, your organisation could face fines of up to €20m, or 4% of annual global turnover, if it doesn’t handle personal data correctly.
The GDPR will have a profound effect on the print industry. Here are the five most important implications:
- Understanding ‘data processor’ and ‘data controller’
You’ll need to start by working out whether you’re a data processor or controller, because both have obligations under the new regulation.
Here’s a broad definition for both:
- Data controller. This is the business or organisation that determines the reason for processing and how data will be processed. Think: a bank.
- Data processor. These guys process the personal data on behalf of the controller. Think: a print company.
Depending on the classification of your organisation, you may need to appoint a data protection officer (DPO) whose task it will be to monitor your compliance with GDPR. They’ll also act as a point of contact for supervisory authorities.
- Processing activity records
Whether you’re a data controller or processor, you’ll need to maintain adequate records of your dealings with personal data under the GDPR.
You can do this by conducting a data mapping exercise that gives a clear view of how data is collected, processed and stored, enabling you to trace its flow through the business and to third parties.
Just remember that mapping exercises of this kind will need to be repeated to account for any changes in the way you deal with personal data.
- Data owners’ rights
To comply with the GDPR’s increased focus on rights for individuals, you’ll need to ensure your business has close oversight and tracking of personal data.
This means you’ll need to account for the following:
- the right to erasure (known as ‘the right to be forgotten’);
- the right to be informed; and
- the right to data portability.
For instance, if an individual wants their personal data erased, or the processing of it stopped, you will need to locate the data in question and remove it entirely.
- Privacy by design
If a data breach occurs within your organisation under the new GDPR legislation, you’ll have a reporting window of seventy-two hours to alert the supervisory authorities.
This is one of the many reasons why the print industry will need to maintain higher levels of security than ever before.
New cyber threats that affect printer technology emerge regularly. It’s therefore important to take advantage of modern printers and smart devices that offer intrusion prevention, document and data detection, and device detection.
It also means product features such as secure print and access control should be implemented and used routinely by all staff.
- Network consolidation
If you engage in transactional print projects that use multiple partners for direct mail campaigns, you naturally lose control over the content and risk exposure.
It’s likely this will result in businesses seeking one-stop-shops that provide security, automated printing and management of sub-processors across geographic locations.
This is good news for larger OEMs, who might see an increase in business as a result of the GDPR’s requirements.
The GDPR is fast approaching, and the significant changes it will bring to the print industry mean it’s time to prepare, assess data processing activities and seek expert advice.