Let’s start with what a third-party processor is. In general, it is what it sounds to be like. It represents any entity that has access to or is working with the data that has been provided. For example, if your company is using a CRM- system this would be considered a third-party processor. Therefore, a controller is responsible for this data exchange and for the process to go smoothly according to the new rules and regulations. Something we already established. What you may not know is that as an agency using the data provided to you by the company who collected the data, you have to make this official.
The process to follow is to draw up a contract in which it has been clearly specified who gets the data from whom. Mentioning how this data will be used and what it will be used for is also of great importance. You might make an arrangement where you use the data just for that one particular campaign and then don’t save that information or use it for any other purpose. If for instance you have a client you have worked for during a long period of time, you will have to make sure to add adjustments to your contract with that client in order to be GDPR compliant.
Making sure everything is documented and everything is traceable to the source constitute basically the fundamentals of the GDPR coming into place. Verify that all is in order and compliant for the GDPR start. Double check any and all running contracts to be altered so that you don’t end up being held responsible because you didn’t ensure the compliance of the information you use.
Do you want to get more information about GDPR? Read the previous articles.
GDPR Series – Episode 1 : What is GDPR?
GDPR Series – Episode 2 : What are the basic principles of GDPR?
GDPR Series – Episode 3 : What are the 6 possible legal bases?
GDPR Series – Episode 4 : What is the material and territorial application of GDPR?
GDPR Series – Episode 5 : How is sensitive data protected by GDPR?
GDPR Series – Episode 6 : How is consent applied in GDPR?
GDPR Series – Episode 7 : What are the risks if GDPR is not respected?
GDPR Series – Episode 8 : What are the rights of data subjects in GDPR?