Key Questions for Sales to Get Ready for GDPR
If you are a tech marketer at a global organization with demand generation strategies, then GDPR is likely a hot topic for your customers. And, my guess is that your sales team is coming to you with questions about GDPR, from themselves or their clients.
GDPR is the General Data Protection Regulation for the European Union. Effective May 25, 2018 it will apply new legal rights for individuals in Europe as it relates to their personal data and how it is managed.
We thought it would be helpful to share some answers based on the questions that we’ve been getting for when the next question crosses your desk.
At IDG Communications, we have a dedicated Global Data Protection Officer in place along with a data privacy team that is 100% focused on making sure IDG is ready for GDPR. Protecting the rights and freedoms of our users is our North star. We have always held the interests of our customers as an absolute priority so that we can provide quality content and services that are relevant to their tech purchasing journeys. More than just being ready for GDPR—we’re excited for it!
5 GDPR Questions for Sales
1) What is personal data and who is the data subject?
Personal data is any information relating to an individual (sometimes referred to as the ‘data subject’) who can be identified, directly or indirectly, by identifiers such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
2) What is a controller?
The controller determines the purposes and means of the processing of personal data. This could be a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing the personal data.
When a company processes personal data of data subjects for their business purposes and needs, rather than simply as a service provider acting for other businesses, they are a controller.
3) What is a processor?
A processor acts a service provider for other businesses, processing personal data on their behalf. Processors act only on the instructions of the Controller, but are equally accountable to their supervisory authority for handling the personal data they process in a secure way.
4) What are data processing agreements?
Under GDPR, a controller is required to have a legally binding written contract with each data processor. Within this data processing agreement, the following must be clearly outlined: subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data to be processed, the categories of data subjects and the obligations and rights of the controller.
5) What are the client’s expectations and responsibilities?
The most important expectation in this new post-GDPR world for a client is that their vendors are fully compliant. What does that mean?
Your vendor should have a Data Protection Officer and/or have privacy specialists ready to safeguard personal data and maintain GDPR compliance at all times. You should know where your leads are coming from and have an assurance that they were lawfully obtained. Further, you should be able to ask—at any time—for proof that the proper consent has been obtained for the lawful transfer of data, including permission (consented right) to market your product and services. And, double check that your contracts/agreements they have all the necessary language for GDPR compliance.
Do you still feel nervous or overwhelmed? Not sure if your vendors are ready for GDPR? We’re here to help. Stay tuned to this blog or fill out the form and someone will contact you.