If your company handles data of any kind, you are very likely aware that the GDPR comes into force on 25th May. However, making sure your business is compliant with the GDPR is not the only thing you need to be aware of. You also need to keep in mind that, as a company, you will usually have a third-party data processor, which means you should know exactly who is responsible for what data at what time.
Let’s start with what a third-party processor is. In general, it is what it sounds like: any entity that has access to or is working with the data that has been provided. For example, if your company is using a CRM system, this would be considered a third-party processor. As we already established, a controller is therefore responsible for this data exchange and for making sure the process runs smoothly according to the new rules and regulations. What you may not know is that, as an agency using data provided to you by the company that collected it, you have to make this official.
The process to follow is to draw up a contract that clearly specifies who gets the data from whom. It is also very important to state how this data will be used and what it will be used for. You might make an arrangement where you use the data for one particular campaign only and then don’t save that information or use it for any other purpose. If, for instance, you have a client you have worked for over a long period of time, you will have to make adjustments to your contract with that client in order to be GDPR compliant.
Making sure everything is documented and traceable to its source is basically the foundation of the GDPR coming into place. Verify that everything is in order and compliant for the GDPR start. Double-check all running contracts and alter them where needed, so that you don’t end up being held responsible because you didn’t ensure the compliance of the information you use.