If “our similarities bring us to common ground,” (Tom Robbins) we’ve reached our destination.
No doubt, you have quite an assembly of tools in your MarTech stack acquired in various stages of your company journey. Each technology offers a different solution for your organization, but they all share a common ground: they access your data. Is the GDPR alarm going off in your head? It ought to be, as GDPR considers any technology provider in your stack— i.e. Marketo, Salesforce, Ringlead, ReachForce, Bizible —as well as agencies and service providers who can access your data, a “data processor.” And GDPR has a lot to say about this role and the responsibilities that come with it. Welcome to GDPR land.
By GDPR definition, a data processor is “any person, public authority, agency or other body which processes personal data on behalf of the controller.” So, all of your external systems, companies, agencies, service partners or contractors who are enriching your data, collecting data on your behalf, mining, segmenting, or analyzing records—even handling payroll or other outsourced HR activities–are data processors. Which means… (sound the major GDPR alarm) …each one must be GDPR compliant.
But wait, there’s more.
Did you catch those last few words of the data processor definition,”…on behalf of the controller?” If your MarTech tools, agencies and service partners are data processors, that makes your organization the data controller. And with great responsibility comes greater accountability: it is the data controller (AKA you) who calls the shots on what data is collected, why, and how it is used. Ultimately, YOU, the data controller, are responsible for ensuring that personal information is processed in accordance with GDPR, and, YOU can be subject to corrective measures and penalties should something go awry. Additionally, YOU are responsible for ensuring that these data processors can provide sufficient documentation of their abilities to comply with GDPR requirements for both technical and organizational measures. YIKES!
Takeaway: GDPR has a much broader impact on our operations and organizational structure than what’s on the surface.
How can you mitigate your risks?
Develop your Itinerary
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.