Keeping Printed Data Secure

The General Data Protection Regulation (GDPR) is an EU law that came into force on the 25 May 2018. It is designed to protect the privacy of individuals. It applies to personal data that relates to an identified or identifiable individual. Whatever the outcome of Brexit, the Government has confirmed the GDPR will continue to apply.

Storing an individual’s personal and related financial information, which Housing Associations keep on file, is subject to the GDPR.   To comply, encryption and password protection is necessary, and most organisations have been able to put processes in place to ensure data is stored safely since the introduction of the regulations.

However, rent statements, works improvement letters, rent increase letters, in fact, any communication that needs to be sent by letter or email that contains personal information is also subject to the GDPR. So how can Housing Associations continue to protect tenants’ data when communicating in this way?

The lack of inherent security surrounding email communications often rules this out as a secure method of notification.  Emails can go astray, and even password protected zip files are easy for skilled hackers to open.  In addition, Housing Associations may not have email addresses for all tenants or have the resources to keep them up to date.

The good news is that there are options.  Secure portals can let users go online and check the financial status of their account using secure passwords and encryption.  This challenge with relying on the Internet and such technology for Housing Associations, is that some tenants may not have easy access to the online world.  Set up is costly and some elderly or vulnerable people may not have the skills to be able to find the information in this way either.

Housing Associations will, however, have postal addresses for tenants.  Specialist mailing houses can offer a cost-effective outsourcing option.  Because of their close relationships with the Royal Mail or other DSA (downstream access) suppliers and the fact that they buy in bulk, they can often offer advantageous rates on postage.  It is usually cheaper to outsource than print in-house – for example mailings over a certain volume can attract rates of less than 40p/unit (including data processing, printing, mailing and postage) with the right provider.

Mailing houses will also need to be fully compliant with the GDPR as they will be processing personal information. Mailing houses can also advise on any changes in legislation moving forward, which there may be, given the changes with the UK’s EU status.

How the Housing Association communicates with the mailing house is also important.  Uploading personal information to a secure portal and using a SFTP (Secure File Transfer Protocol) will ensure personal data is protected appropriately, in line with the GDPR.  Once the mailing house has received the data, communication to residents is printed in large batches and securely put through a mailing machine and then sent in the post.

The GDPR has a wide remit and to keep tenants’ sensitive personal data secure and comply with the regulations, working with a specialist mailing house can offer one of the most cost effective and secure options available.

For further information please see

By Simon Cook, Head of Compliance, allpay Ltd

Simon Cook, Head of Compliance, allpay Ltd has worked at payment specialist allpay for almost 17 years and has extensive experience of developing and leading compliance, security and risk management functions throughout an enterprise.