If you are involved in any type of compliance work, you are well aware that the GDPR is getting closer. As the date approaches, awareness of compliance and of matters relating to the processing of personal data is growing.
B2B vendors that to some extent process personal data on behalf of others have not always considered data protection compliance a main priority.
But this is changing.
Arguments like “but we’re not a European company”, or “this is the data controller’s concern” have no place under the new regime – the GDPR.
Previously in the EU, data protection compliance has been a question mainly for data controllers, i.e. traditionally the B2B buyers. But now it is becoming a key concern for businesses everywhere, including the data processors, i.e. B2B vendors.
Legislators in the EU have turned their eyes to the B2B vendors. These will, for the first time, be subject to regulatory requirements and liability towards both supervisory authorities and data subjects.
The GDPR and data protection are probably high on the agenda of your management team. Even so, selling the importance of compliance to an organisation is not always easy.
The first step for a Data Processor
As is the case for data controllers, one of the first things you need to do to move towards compliance is data mapping.
This means finding out the details about how you are processing personal data. By doing this, you will comply with certain specific requirements under the GDPR. More importantly, this is the only way to identify your challenges.
Get in control by turning over every stone in your business, including:
- What kind of data are you processing on behalf of your customers and how?
- Where do you process the data and which sub-contractors do you involve?
- How do you safeguard the data?
By taking this first step, you are well on your way to complying with important explicit requirements of the GDPR. Article 30 (Records of Processing Activities) states:
“Each processor and, where applicable, the processor’s representative shall maintain a record of all categories of processing activities carried out on behalf of a controller.”
Some of your other key obligations include communicating changes in sub-contracting, applying risk-based security measures and making breach notifications.
Because the GDPR will have such a big impact on the data processor / data controller relationship, businesses will also be facing commercial challenges.
Having proper data mapping and reporting functionalities not only makes it possible to deal with your regulatory requirements under the GDPR, it also helps you with the commercial aspect.
The Commercial Benefits of Getting Control of Your Processing of Personal Data
As a data protection officer or compliance officer, it can be difficult to create buy-in throughout an organisation. Compliance issues might not be the top priority in your marketing, sales or tech departments.
When the GDPR is enforced, though, data controllers will be requiring much more from data processors. B2B vendors who cannot demonstrate to customers and prospects that they are in control and in compliance risk losing business to better prepared competitors.
So how do you make your teams see the benefits of compliance?
By making them understand that it can be a competitive advantage.
If you help your teams avoid stumbling on difficult questions (and they will come!) and give them tools to make their lives easier, your impact on the organisation will be significant.
Your salespeople, for instance, do not need to become data protection experts. Instead, you can provide them with intuitive tools to help them be successful ‘despite’ the GDPR.
When the speed of sales cycles can be maintained or even improved, it will become clear that GDPR is not a show-stopper. Instead, it provides opportunities for growth and increased customer satisfaction.
By allowing your salesforce to quickly generate reports vetted by legal expertise, internal resources are used as efficiently and effectively as possible.
If done well, and coupled with educational initiatives, it might even be a source of pride and championship on the part of sales, marketing and other customer-facing departments.
The GDPR will work to your advantage if you help the rest of your business truly understand – and deal with – the questions of processing of personal data that are on their way.