If your business takes possession of personal information such as a list of named individuals to be mailed or cleansed, then chances are you will need to make changes to your business to become compliant with GDPR. Organisations who collect, store and ‘own’ data are classified as data controllers, whereas organisations who take custody and use the data for example to print and send a direct mail campaign are classified as data processors. As of May 2018 data processors such as mailing houses, printers and data bureaux will be subject to many of the same new legal obligations enforced upon data controllers. Failing to adequately prepare your business for GDPR increases the risk of fines, but will also likely cost [...]