Since the introduction of GDPR and the Data Protection Act in 2018, data handling has been a big priority for every business in the EU. These laws regulate how data can be collected, used, and processed by businesses.
There has been some uncertainty in the past about whether GDPR applied to print, but since printing companies are considered Processors of personal data*, it’s definitely something you should be taking seriously. Those that don’t could face a penalty of either £8.7 million or 2% of the total annual worldwide turnover, whichever is higher.
Your MIS software can help you make sure you’re staying compliant with these laws, and here’s how.
Your data is stored in one place
If your MIS has an integrated CRM, like Tharstern, all your data will be stored in one location, so you can be confident that you’re not holding duplicate data records. Should a contact request to be “forgotten”, i.e. deleted from your records, this will be much easier to do.
The Tharstern CRM also has the functionality to flag contacts when they don’t want to receive marketing communications. Flagging a contact means they cannot be included in marketing campaigns, but are still stored in the main database and can be linked to jobs, estimates, orders, etc.
You can also use custom fields to store information about whether or not a contact has opted in to certain marketing subscriptions, along with the date they opted in.
You can define who has access to personal data
As well as storing data like names, email addresses and phone numbers, you can use the custom fields functionality of your CRM to store additional information such as personal interests and social media profiles. But all of these are classed as Personal Data (anything that could identify a person, either directly or indirectly) and this needs to be handled securely.
Most print MIS solutions will let you define access rights, so you can control which users have access to certain areas of the software. It’s a good idea to set these up in your MIS solution so that only authorized users can access, edit and delete any Personal Data you store.
Customers have the right to request the data that you store about them
Under the Data Protection Act (2018) everyone has the right to find out what data an organization stores about them, and also…
- Know how their data is being used
- Access and update incorrect data
- Have data deleted
- Stop their data being processed
To support these rights, Tharstern introduced functionality to help locate, report on and present specific personal data held in your Tharstern database. If an individual requests to know what data you store about them, you can easily provide them with that information.
It’s easy to remove data when requested
We’ve also implemented functionality that lets you anonymize personal information stored in your Tharstern database, if anybody exercises their right to be forgotten.
Anonymizing means you can define the data you want to remove, and it will be replaced with a series of Xs to hide the identity of the individual from your MIS.
You should regularly monitor the data in your MIS
Some businesses are also required to appoint a Data Protection Officer as part of GDPR to monitor compliance and ensure employees are aware of their obligations. If that’s not a legal requirement for you, we would still recommend that you put someone in charge of carrying out regular audits of your MIS to monitor compliance and take any necessary action.
Research from The Chartered Institute of Marketing (CIM) found that 57% of respondents did not trust companies to handle their data responsibly. This statistic highlights the level of concern consumers have around sharing their personal data and why it’s so important that you take this responsibility seriously and show your customers that they can trust you with their data.
Hopefully this article has shown you how your MIS can help you do that.
For the Tharstern customers reading, you can find out more details about our GDPR Functionality on the Customer Happiness Portal.
* This guide from the ICO explains the role of a Processor and includes an example of why printing companies are classed as Processors.
The information in this article is for guidance purposes only. It should not be taken for, nor is it intended as, legal advice. We would like to stress that customers should make their own detailed investigations and seek their own legal advice if they are unsure about the implications of the GDPR.