GDPR came into effect in May 2018, and companies are still struggling to wrap their heads around its impact. While companies are taking steps, or have already taken them, to ensure that they’re GDPR compliant internally, they also need to make sure that any business partner that makes use of their data is doing the same.
Identify All Third Parties That Process Personal Data On Your Behalf
The first step is to create a list of all third parties that are in any way involved with the handling or processing of your data.
How Do You Check Their Compliance?
Certifications exist for various aspects of your business. If you’re interested in building a new website, you can find someone who is certified in the relevant platform. Similarly, if you need to ensure your data encryption meets certain minimum standards, you can find an encryption tool that meets your needs and is certified.
Unfortunately, when it comes to GDPR, there's no way to know for certain if your business partner is completely GDPR compliant. No certification exists (for now) that lets you know that this business is completely trustworthy when it comes to GDPR.
However, there are a few ways to protect yourself and your data.
Confirm Whether They Have A Data Protection Officer
- GDPR sets out criteria under which an organisation must have a DPO, and failure to fill this position is an immediate red flag. For companies that don’t require a DPO, hiring one is a sign that they take their data seriously and are more likely to be compliant.
Identify Whether Your Partner Is Outside Of The EU
- Companies that are located outside the EU are subject to different GDPR regulations. Ensure such partners are located in an approved third country location, such as Canada or Israel, as outlined by third country regulations, and that they have adequate data protection (security certification will help with verifying this).
Identify If They Are Transferring Data Outside Of The EU
- If they are based in the EU, but are transferring data to a location outside of the EU, the same third country regulations will apply.
Confirm That Your Channel Partner Is GDPR Compliant In Writing
- Written proof of your business partner’s GDPR compliance is important, particularly if you find yourself in a situation where you need to prove due diligence. A Data Processing Agreement (DPA) is another important contractual agreement that can help you confirm your data partner is taking steps to ensure GDPR compliance. It is also a GDPR requirement.
Understand What Is Required By GDPR Data Compliance
This will help you identify red flags such as non-compliant processes or decisions at any of your partners.
Pick A Partner That Meets These Requirements
GCL Direct is a telemarketing and marketing agency with over 27 years of experience. If you are looking for a partner that offers excellent service and can help you meet the requirements of GDPR, please contact us today.