If your customers are businesses rather than individuals, you may think GDPR is less of an issue for you.
However, if these customers share personal data with you, GDPR obliges them to ensure you are compliant with GDPR.
If you can’t provide these customers with evidence of your compliance, many will choose to send their business elsewhere.
Your customer is likely to ask you to sign an updated contract or an addendum to the contract. It is usually called a ‘Data Processing Agreement’ or a ‘Data Protection Agreement’.
It commits you to a lot of obligations. It may state that you will do all this for free. And you may be asked to provide unlimited indemnity.
Processing by Instruction
If you receive personal data from a business customer, you should only process this data under their instruction.
If you do anything else with the data, you become a ‘data controller’ and take on even more obligations under GDPR.
Are you both clear on these instructions?
Pre-approval of sub-processors
You need to tell your business customers about all of the sub-processors to whom you disclose the personal data.
You also need to notify them in advance if you plan to change one of these sub-processors.
Do you know who your sub-processors are?
If a personal data breach occurs, your business customer will require you to inform them ‘without undue delay’.
It is important that you understand your obligations: you inform your business customer, and you do not inform the regulator or the individuals impacted.
Do you know how to recognise a breach?
Step 1: Contact me
Contact me using the form below.
Provide some basic information about the nature of your business and the types of clients you have. Where possible, tell me what you have done to date about GDPR.
I will respond as soon as possible, usually within 48 hours.
Step 2: Free initial call
I will send you my initial recommendations.
If I think I can help you further, we will arrange a quick phone conversation (no more than 20-30 minutes) to work through more of the details and to give you some further pointers.
We can then decide if you need further help from me. You’re under no obligation.
Step 3: After our call
If you don’t want further help, there is no step 3. You’re under no obligation to engage me further.
If you do want my assistance and I think I can help, we can agree a scope and a cost for my involvement.