GDPR, or the General Data Protection Regulation, has come into play for all UK businesses and sole traders as of May 2018 – and what this means for you, your clients and your customers is that European Union laws have upgraded how privacy protection operates across all member states.
You will likely have either received emails from services you are registered with, or will have registered websites asking for consent to use your data – essentially, GDPR largely requires clear and recorded consent from end users and clients for their data to be used and stored in certain ways.
From your point of view, this means you must always clearly ask for, and store, consent – otherwise, you could be in breach of the new regulations, and may be facing considerable fines.
For many of us, it doesn’t even cross our minds how much personal data we have put online, not just on social media, but on many different sites, especially when shopping online, including banking information, addresses and much much more.
We have become very trusting of sharing our personal information online, which, in many ways is a great thing, enabling us to do more without moving from our computers, but GDPR has been put in place to ensure we can trust companies with our information.
The GDPR rules now state that customers have the right to be forgotten, so their data can be withdrawn and deleted. They also can request access to their personal data and ask how it is being used, eliminating any suspicion around the topic.
One other rule GDPR is enforcing is the right to object. This involves individuals stopping companies using their data for marketing. As soon as they have sent this request, all direct marketing will stop immediately, helping free-up your junk mail of all those irritating promotional emails.
One way GDPR will come into play that many companies have probably not yet thought about is the use of employee information being used for identification. ID cards are greatly affected – employees need to give your consent to use their data so that you may print and provide them with necessary identification.
GDPR doesn’t just cover consent for data use, either – it also means that you will need to be proactive in the protection and disposal of personal data when required. Here are three essential points you need to follow when it comes to ID printing in the age of GDPR and enhanced privacy protection.
Is Your Printing Outsourced? Always Check Compliance
It’s not uncommon for companies to outsource the printing of ID cards to a specialist firm – however, with GDPR, this means you will now need to liaise with any third parties you work with to ensure that they are compliant with new regulations. After all, it is your employee data at stake.
You’ll need to ensure that your outsourcer is not only compliant with GDPR, but that they are clear on how they receive and store your data, that their staff are trained and audited, that they dispose of printer ribbons and other materials used during the process, and that they ask you outright if they have permission for your data to be stored. Always record a trail, too, to show who has had access to such data.
Upgrade Your Printer Security – Buy a New Model
If you print ID cards in-house, it may well be time for you to consider upgrading to an ID card printer model with enhanced security features in light of GDPR. New models come fitted with time-sensitive data wiping, Kensington locks, and other security features – if you’re still printing ID cards on a standard model where anyone could gain access to data being printed, upgrade your hardware immediately.
Dispose of Used Printing Materials
When your printing is complete, that doesn’t mean the data is gone forever. Imprints can be left on printer ribbons – meaning that you should have a strategy set up to dispose of used ribbons efficiently and securely. The same will apply to used or old cards – even if an employee leaves your firm, you are responsible for their data from start to finish.
Adam Bennett is a hands-on digital marketing manager for the UK’s largest ID card company, Digital ID. Adam specialises in creating high-performance content marketing and SEO campaigns with a key passion for writing.