Your B2B clients need you to comply

If your customers are businesses rather than individuals, you may think GDPR is less of an issue for you.

However, if these customers share personal data with you, GDPR obliges them to ensure you are compliant with GDPR.

If you can’t provide these customers with evidence of your compliance, many will choose to send their business elsewhere.

Contract Updates

Your customer is likely to ask you to sign an updated contract or an addendum to the contract. It is usually called a ‘Data Processing Agreement’ or a ‘Data Protection Agreement’.

It commits you to a lot of obligations. It may state that you will do all this for free. And you may be asked to provide unlimited indemnity.

Be careful.

Processing by Instruction

If you receive personal data from a business customer, you should only process this data under their instruction.

If you do anything else with the data, you become a ‘data controller’ and take on even more obligations under GDPR.

Are you both clear on these instructions?

Pre-approval of sub-processors

You need to tell your business customers about all of the sub-processors to whom you disclose the personal data.

You also need to notify them in advance if you plan to change one of these sub-processors.

Do you know who your sub-processors are?

Breach Notification

If a personal data breach occurs, your business customer will require you to inform them ‘without undue delay’.

It is important that you understand your obligations. You do not inform the regulator or the individuals impacted.

Do you know how to recognise a breach?

If a business customers asks you to prove your compliance, you will need to do more than say you’re compliant. They will want to see real evidence.

Can I help you?

I have helped a lot of B2B businesses get their house in order so they can confidently demonstrate their compliance. If you are unsure about what you should do, I can help.

Step 1: Contact me

Contact me using the form below.

Provide some basic information about the nature of your business and the types of clients you have. Where possible, tell me what you have done to-date about GDPR.

I will respond as soon as possible, usually within 48 hours.

Step 2: Free initial call

I will send you my initial recommendations.

If I think I can help you further, we will arrange a quick (no more than 20-30 min) phone conversation to work through more of the details and to give you some further pointers.

We can then decide if you need further help from me. You’re under no obligation.

Step 3: After our call

If you don’t want further help, there is no step 3. You’re under no obligation to engage me further.

If you do want my assistance and I think I can help, we can agree a scope and a cost for my involvement.

Rest assured – Whatever we discuss will remain confidential.

Step 1: Contact me

Privacy: Breaching your trust would destroy my business. I will only use the personal data (and the details of your situation) that you enter above for the purposes of responding to your request. Your personal data will not be passed on to anyone else. You can read more in my privacy policy.