November 6, 2015

Safe Harbour – Preparing for the New Data Protection Laws

With ever-evolving tech and more of our data going online by the day, it’s no secret that the law has struggled to keep up. There have been many developments in Data Protection laws recently, and although it sounds about as much fun as a hole in the head, in the wake of the Safe Harbour ruling and with tougher EU privacy rules (in the form of the draft Data Protection Regulation) expected to come into force in early 2017, it’s more important than ever that you know what all of it means for your data, and your customers’, and prepare accordingly.

The new bill will affect everyone collecting or storing data online or in the cloud so burying your head in the sand is no longer an option. The grace period for due-diligence ends Jan 16th 2016, so by then you must know where your data is, the laws that govern it, what you need to do to secure it, and the very real price you will pay if you don’t.

What are data protection laws?

Data protection laws exist to strike a balance between your right as an individual to privacy and the ability of organisations to use data for the purposes of their business. The bill extends to anyone who stores other people’s personal data an obligation to ensure that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

When the changes come in, the bill and the new data protection laws are really going to start to have some teeth. The finer points are still being debated, but a few of the big things it’s expected to include are much higher fines for non-compliance based on a percentage of turnover, more prescriptive rules around fair processing of personal data, more accountability, and far more fines and enforcement by the Information Commissioner.

What are your obligations?

In order to comply with the current Data Protection Act, a data controller (whoever determines how data is processed) must comply with the following eight principles:

  1. The data should be processed fairly and lawfully and may not be processed unless the data controller can satisfy one of the conditions for processing set out in the Act.
  2. Data should be obtained only for specified and lawful purposes.
  3. Data should be adequate, relevant and not excessive.
  4. Data should be accurate and, where necessary, kept up to date.
  5. Data should not be kept longer than is necessary for the purposes for which it is processed.
  6. Data should be processed in accordance with the rights of the data subject under the Act.
  7. Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

There are many more in-depth requirements for data controllers, and for processing data, which you should investigate further independently, because you’d be reading this blog forever if I listed them all here.

One of the points above worth highlighting though is that as well as knowing where your data is at all times, you need to ensure that you’re securing your data effectively with ‘appropriate measures’ against attackers and data loss. For many businesses this will mean outsourcing your security to an accredited third party that can deal with everything from firewalls to penetration testing.

What are the main risks if you don’t comply?

Financial – the most obvious and immediate issue is that you and your clients will probably lose money if you experience an attack. You’ll experience the joy of some hefty non-compliance fines, which are currently in the region of £500k, but the expectation is that in future this will move to a percentage of your overall worldwide turnover.

Operational – the time it will take to get your business back on its feet and potentially move your data. And lost time means lost revenue.

Reputation – potentially the worst in the long term, reputation is easy to lose and hard to get back.

What’s the bottom line for Romax clients?

Romax customers don’t have to worry about the concerns relating to Safe Harbour as we keep all our customer data on our on-site server, backed up to a UK-based, ISO27001 and PCI compliant UKFast data centre, so you can be assured more stringent UK laws govern the protection of your data.

Being ISO27001 compliant and/or using UKFast, who are ISO27001 compliant, gives both customers and the Information Commissioner assurance that they have taken “appropriate technical and organisational measures” to protect data.

Romax clients aren’t affected by any of the Safe Harbour ruckus, but if the company that you host with doesn’t keep their data on British soil you could be; and no matter who you are the expected DP changes will affect you, so here’s what you need to know. Romax use UKFast for our cloud backup and have an on-site server for secure data storage. Watch a Microsoft video report about our IT investment.


Source: content courtesy of UK FAST, 27 Oct 2015, by Katherine Kelly.


Romax Marketing & Distribution, a Greenwich-London based company, provides a wide range of services in Direct Marketing for B2B and B2C: Direct Mail, Data Management, Printing, Discount Postage and Membership Communication Services and Consultancy. Contact us: +44 (0) 20 8293 8550



August 6, 2015

Big Data and Data Quality in Direct Marketing

A survey conducted by TEKsystems (a subsidiary of Allegis Group, a talent management firm) found that over 60% of IT leaders lacked good data quality and had issues with data governance.

With the increasing production, storage and aggregation of data, the challenges of creating workable and maintainable data are increasing exponentially. Vendors surveyed claimed that customers routinely use sub-optimal data for analytics and marketing campaigns.

Some of the primary issues involve:

  • Incomplete data
  • Governance of data quality on population
  • Lack of data validation & corrupted data
  • Incompatible character sets & formatting


The concept of garbage in – garbage out still holds true. The true value of data, as a business asset that can be optimised and grown in value with time, is constrained and even jeopardised by poor data design and governance. The impact on customer outreach and direct marketing can really affect our customers at both a sales and earnings line level as they increase customer acquisition costs and limit the effectiveness of their marketing.

The UK-based direct marketing sector has extensive knowledge and experience of data management. As an industry we can help any company seeking to get on top of their data management requirements, to maximise return on their marketing investment through targeted personalised data-driven communication across any medium.

By using sophisticated software and a logical approach to data quality, mining and governance many mailing houses and data providers are able to ensure that marketing professionals can access the rich information and big data analytics that deliver effective messaging to audiences at the right time. Our industry’s data governance consistently demonstrates high security for data, a need demanded by cross-channel advertisers.

Data for marketing campaigns has been the mainstay of the direct mail industry since long before ‘big data’ was heard of as a term, helping customers to develop smarter and more effective marketing campaigns. Understanding your data shows how best to get started profiting from your data.

Customer data augmentation and enhancement services can further enrich your customer database with key details. This service allows you to identify key characteristics of your target audience: those most likely to drive customer acquisition. Customer data enhancement services are provided by many suppliers and lead to costs being saved, a more powerful campaign and, as an added bonus, compliance with the Data Protection Act.

If you understand and use your data properly, then building a business case for data governance, cleansing and targeted direct marketing can help you increase ROI in your marketing spend.


February 5, 2015

Romax Achieve Double Bubble ISO 9001 & ISO 27001 Data Security

Last week Romax received further confirmation that the level of quality and data security associated with the business services and output was still excellent. Having been externally assessed by independent adjudicators, Romax once again exceeded the standards required to retain our ISO credentials.


When is it OK to blow your own trumpet? Well – sometimes if you don’t do it then nobody else is going to do it for you!

Clients can be confident once more that when they place a job with Romax, service, data security and quality are assured. Contact Romax on 020 8293 9550 or email