How to understand partner compliance for your own good

Uku Tomikas

23 Jan 2018

5 min read


An important aspect of the new General Data Protection Regulation (GDPR), which is easily overlooked, is potential liability from third parties who handle your customer data. If a data breach is caused by a partner, and your customer data is stolen, accounts are hijacked, or any other harm is done, substantial fines may be on their way to your company.

To help, here are some primary things to consider when managing vendor partners and reviewing their compliance.

First, look at privacy policies and terms of service provided by your partner

They're usually found on their websites. GDPR requires certain privacy policies to be stated, such as the rights of all EU citizens whose data is being processed. These rights include the right of data portability, the right to be forgotten, and the right to a subject data access request. Whether or not these statements are in the privacy policy may indicate compliance.

Does the partner utilize cyber-security tools to prevent data theft such as 2FA or encryption?

The GDPR states that security tools must be in place to match the risks associated with data processing. 2FA is a good way to protect against account hijacking and encryption helps protect stored customer data.

Obtaining consent before data processing: no pre-ticked boxes allowed

Strict rules are in place that restrict data processing and client communications to activities that are mainly either needed to fulfill contractual obligations or deliver the service at the needed level of quality. So, for any other data processing, consent must be a freely given, specific, informed, and unambiguous indication of the individual’s wishes. Thus, checking how consent is obtained can show whether the new regulations have been considered.

Look over the partner agreements and amend them where needed

Make sure they include the new regulations, then establish agreement between your company and the partner’s.

While there are additional aspects to consider, these four provide a good indication of whether the right kind of steps have been taken, and whether the partners you use can be relied on to provide a compliant service that will not leave you open to litigation, fines, or a PR nightmare.


Uku Tomikas

Lead Sales Researcher

At Messente, Uku is a part of the sales lab, taking a systematic and metrics-driven approach to constantly improving the B2B lead-generating process. As a yoga and meditation enthusiast, he likes to keep a solid balance between crunching numbers and petting his pet pup Lucy.
