
Are your data processors GDPR compliant?

Tagged with gdprhelp, freegdpr, downloads, gdprsupplier, gpdrcompliance, thirdparty, compliance, duediligence, freeadvice, suppliercontracts
by Adam Brogden
in Blog

19-Nov-2018 12:41

So, you’ve completed your GDPR audit, gone through your GDPR compliance processes, updated your website, upgraded your IT, trained your staff, and re-issued your contracts. You then find out that your key suppliers are not GDPR compliant. What do you do?

This is a tricky question and one that we have come across very often. GDPR doesn’t tell you how to do GDPR. There is no easy-to-understand guide or definitive checklist that tells you when you’ve finished. The same applies to your suppliers and data processors. GDPR says that YOU have to confirm that your supplier is GDPR compliant before you share data with them! You have to ensure that you have a legally binding contract that clearly sets out their responsibilities and has appropriate legal protection in place in case they mess up! But what do you do if your supplier is just not interested, refuses to respond to your requests, or gives you vague answers?

This might seem like an easy question. If your data processor is not compliant, then find one that is. However, this is never quite as easy as it might seem. Your supplier might claim they are compliant, but you know they aren’t. You might have limited choices and get stuck with a supplier you can’t afford to lose. You might just be too busy to go through the pain of switching. So, what do you do? Here are a few steps you should take:

  1. Send an email and ask them to confirm that they are GDPR compliant.

  2. Send them a GDPR contract from one of our Optindigo packs. Make sure you include schedule A from the Supplier Processing agreement in order to clearly define the relationship and their responsibilities, even if they choose not to reply!

  3. Send them the GDPR Questionnaire in your Optindigo pack. This is pretty comprehensive and defines all sorts of things they need to do.

  4. There is a good chance they will ignore the Questionnaire in ‘3’ above, so try the GDPR Checklist. This is also in your pack. It’s not quite as comprehensive as the questionnaire but is still a good way to confirm that they are compliant.

  5. Ask for copies of their key documents: Privacy Statement, SAR document, and Information Security Policy. These are pretty vital documents, so if they don’t have these you can be pretty sure that they are not GDPR compliant.

  6. Threaten to visit to audit their GDPR processes. This might scare them into doing something!

If all else fails, you need to decide whether to continue using them as a processor or find someone else. You need to balance the risk of a potential breach with the potential damage that could result. Are you really willing to take that risk?

Call us anytime if you would like to discuss.

Good luck all.
