Big changes are coming to data protection laws within the European Union (EU). Passed in 2016, the General Data Protection Regulation (GDPR) will be enforced May 2018, and it significantly overhauls how any business working in the EU handles customer data. It’s one of the most far-reaching laws passed protecting consumer data, and failure to comply could mean steep fines or levies.
It’s also important to understand that the GDPR covers all entities doing business within the EU, regardless of their headquarters location or reported nationality. If you or any of your partners are doing business in the EU, you need to comply. Even if you don’t (currently) have EU interests, it would be a good idea to keep an eye on the GDPR anyway. Data protection regulation can only grow in the years ahead, and the GDPR may become a model for future regulators in other countries.
Tips For Keeping Your Ecosystem In Compliance With The GDPR
1. Know the law. Hire an expert if necessary.
The GDPR is publicly available, but it’s absolutely massive. We strongly advise hiring a lawyer experienced in EU law for at least a consultation, to understand your business and your obligations under the GDPR. Undoubtedly, regulators will be looking to make examples of offenders caught early on after implementation, and you don’t want to be among them.
2. Understand what data you have.
If you don’t have a master list of the types of data you and your partners are collecting, this is the time to do so. You’ll need to know exactly what’s covered under the GDPR, and how each type of data has to be handled. Be aware that regulations are particularly strict when it comes to personally identifying data – even website cookies are covered.
3. Keep open communication with your affected partners.
For ecosystems, GDPR compliance will necessarily be a team effort. You should be reaching out to managers at your sales partners to ensure they’re aware of GDPR and beginning to come into compliance themselves. This is one area where having centralized communications will be a big boon, since it will allow all your various partners to work together towards compliance.
4. Standardize your data handling policies.
This is another area where it only makes sense to ensure all your partners are on the same page. Once you understand your overall burdens and responsibilities, create data-handling policies which will hold true for at least all of your EU partners. Should you standardize your entire ecosystem, even non-EU partners? It’s not required, but it could be a good idea since there will probably be more laws along these same lines in the future.
5. Implement strong breach detection and response policies.
Some of the most stringent regulations in the GDPR relate to breach disclosure. Breaches have to be reported to authorities within 72 hours, and any affected customers must be promptly alerted as well. Be certain your EU partners have policies in place to ensure this happens! Even if they would bear most of the legal burdens, a major breach and failure-to-report would reflect very badly on you as well.
6. Conduct tests & audits.
To be fully prepared, set up tests and audits that your partners will comply with to ensure all your policies are functioning as intended. This is a situation where a little extra time and money spent on testing will pay off if you ever suffer a data breach.
Tie Your Partner Network Together With LogicBay
Trying to manage a global-scale indirect sales network can be an immense challenge, even without new government regulations popping up. LogicBay’s proven blend of technology, software, and consulting can help you streamline your partner interactions, improve communications, and implement shared systems that benefit everyone in your ecosystem. No matter how large or diverse your network, we can help bring it all together.