
The obligations of the data processor are also extended to subcontractors.

Although Article 28 includes provisions for regular jobs, most processors will need to develop a template contract which can be quickly and easily tailored for the processing work to be carried out.

From the Text: “The processor shall not engage another processor without prior specific or general written authorisation of the controller”

The text implies activities such as screening, merging, sorting, suppressing or home mover tracing recipients must all be explicitly stated and agreed to by the data controller. The contract must stipulate in writing the specific processing work to be carried out.

From the Text: “ sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller”

This contract cannot be the processor's standard terms and conditions. GDPR requires data processors to have a written, legally binding contract between the data processor and the data controller.

Taking a data processing brief over the phone or undertaking processing work without a contract will not be acceptable from May 2018.

From the Text: “Processing by a processor shall be governed by a contract or other legal act under Union or Member State law”

From the Text: “processes the personal data only on documented instructions from the controller”

Implement a Legal Contract for Processing

Prepare to Assist ICO and Clients – in the event of an audit or breach
DIRECT MAIL PROCESSORS UPDATE

Those failing to adhere to the regulations face fines of up to €20 million or 4% of annual global turnover, whichever is higher. Unprecedented power has been granted to the Information Commissioner's Office (ICO), the independent authority tasked with implementing GDPR here in the UK.

The Information Commissioner's Office Are Serious About GDPR

Peter Galdies, Development Director DQM GRC

The benefits will include greater clarity for processors and much greater confidence from their clients.” “GDPR means a new type of relationship between processors and their data controller customers – with more detailed and explicit instructions tallied to strong control by the processor.

Organisations who send mail will seek only GDPR-compliant mail producers to further limit their own exposure to breaches and fines. Failing to adequately prepare your business for GDPR increases the risk of fines, but will also likely cost data processors their clients. Organisations who collect, store and ‘own’ data are classified as data controllers, whereas organisations who take custody and use the data, for example to print and send a direct mail campaign, are classified as data processors.

As of May 2018 data processors such as mailing houses, printers and data bureaux will be subject to many of the same new legal obligations enforced upon data controllers. If your business takes possession of personal information such as a list of named individuals to be mailed or cleansed, then chances are you will need to make changes to your business to become compliant with GDPR.
