It will have a profound impact on companies’ internal processes and marketing strategies in the future. Yet some online print providers don’t seem to be taking the GDPR seriously enough. That’s pretty audacious in my opinion!
The set of obligations is getting larger, proactivity is required and providers need to get their act together. Why this issue again? Because I can say with certainty that some print providers have not yet realized how serious the (data) situation is. From the middle of this year companies won’t have the option of being small enough to be able to slip beneath the radar, because the handling of personal data affects every business. And this issue will be even more important in future.
In this text I am not concerned with revisiting every sphere of activity affected by the GDPR. In fact I should like to remind all those CEOs out there and data protection officers if already in situ that previously minor breaches of the rules could soon lead to substantial penalties. Martin Schirmbacher has already explained the figures and the fundamentals in detail in this blog. What is certain is that things are getting tight for anybody who has not yet addressed this issue. That’s because it will be mandatory soon.
Given that I have been asked about the GDPR issue several times in the last few weeks and that a number of print providers have some serious catching up to do, I will address a couple of points below, which have not been sufficiently taken into consideration to date.
Cooperation with other service providers
Obviously ordering a print product creates a contractual basis and therefore provides a reason for storing data. But things get really interesting if you assume that this data is not stored locally on the print provider’s premises, but in a cloud. Added to this mix are print partners, other fulfillment partners and all sorts of logistics service providers. And by that I don’t mean just DHL et al – intermediate service providers of shipping notifications and monitoring services must also necessarily be supplied with the personal data that the print provider has collected along with the order. In other words, it’s plain to see that a large number of players come into contact with personal data just in the course of one order. As a print provider you need to deal with the entire value chain and with data protection accordingly. But you won’t be left standing there alone, because the GDPR governs both the transfer of responsibility to partners and the interrelationship of those responsibilities.
“The GDPR will be perceived as making the handling of personal data more difficult for online print providers. But things will be particularly difficult for slowpokes and those that underestimate the extent of the necessary action to be taken.” – Bernd Zipper
Business with non-EU countries
The GDPR is not a data barrier that’s restricted to German eCommerce. Online print providers that also maintain international business and customer contacts are confronted by this duty of data protection implementation in all EU countries. In other words, get it right first time and you’ll have no worries as far as your international business is concerned. Incidentally the effort involved does not necessarily mean one particular disadvantage, because print providers from third countries, i.e. from outside the EU, that approach German and other EU customers are required to comply with the same specifications.
And one more thing that reinforces the first point – it’s not enough respecting personal data within your own company. Print providers urgently need to get a handle on what insights the providers of software, server and other services gain. What do their data protection guidelines state? Where hosting in a non-EU country is involved, you need to be very much aware of all the ins and outs in order to avoid any penalties. That because as with other changeovers, careless companies can look forward to receiving warnings after May 25 if data leakages are made public. And this brings me to my next point.
User experience and negative publicity
In terms of orders and the necessary collection of personal data in the online print segment and of course the rest of the eCommerce sector, the consent of the customer to having their data processed can become the main threshold in dealings with customers. And by main threshold I mean a possible impairment of the user experience. That’s because the Regulation “transfers” a greater burden of responsibility and proactivity to providers in the online business. eCommerce providers must make data requests and customers decide in line with their perceptions whether they want to provide certain data at a particular point in time during a website visit or ordering procedure. Once consent has been provided, the data can be used – at least within the framework of the GDPR. Most print providers shouldn’t have any problems with that, because after all everybody has to obtain consent, meaning that neither small nor large print providers are at a disadvantage. But where I do see smaller online print providers or those that want to become online print providers being disadvantaged is the correct tracking of personal data processing operations. Here the major industry players have more manpower and usually better IT structures that enable them to maintain the necessary documentation.
What some customers will definitely be paying more attention to in the near future is tracking and handling of cookies, although personal data could in turn also be collected. That means that both B2B and B2C print providers need to pay attention to any impediments on the (potential) customer’s way through the store. That’s because, as suggested before, if you impair the user experience, you will achieve conversion rates that are lower than you might care for.
And one more thing: caution should be exercised given that the GDPR is tightening up virtually everything in data protection terms that previously “somehow functioned” at some print providers and did not cause any problems – no later than May 25. That’s because the punishment for any breaches of the data handling rules are certain to follow promptly. Experience shows that negative publicity can spread just as quickly as positive publicity!
The name of the game will be comprehensively documenting how personal data is handled. An awareness of how personal data should be handled both online and offline (some folks seem to forget that!) needs to be generated, and indeed in the mind of every employee that comes into contact with such data. Incidentally maxing out grey zones is set to become even riskier. One way or the other, if it’s unclear whether the collection and processing of data is even necessary and if customers may not necessarily be expected to provide such data, case-by-case decisions will then become the legal remedy of choice from the end of May onwards. But as an online print provider I wouldn’t rely on an amicable outcome given the horrendous fines.
My take: as an online print provider I am responsible for data processing procedures, and if my service provider, no matter which one, were not to fulfill their obligations in accordance with valid law, then who has responsibility needs to be clarified. And even if this has been mentioned before on numerous occasions, I must once again appeal to all those CEOs out there – you need to deal with this issue in detail. There is significantly more to it than most onliners think. You are responsible and from May 25, 2018 onwards customers will increasingly be paying more attention to this issue and claiming their data protection rights. I am pretty certain that we will already be hearing about the first severe cases in the German eCommerce sector a couple of weeks after that date. Try not to join their ranks. I will take a look around several online print providers shortly before and after the GDPR enters into force and compare UXs. We shall see whether the impact of the new Regulation is palpable or not.
PS: If you have already tackled the GDPR issue in your company – what have been your experiences to date? You are welcome to detail them in the Comment field.