Today, one in four US companies don’t know if they’re prepared to meet GDPR compliance standards, which are set to take effect in May of this year. These new security rules affect any business that stores data on EU citizens, even if the company is based in the US.
Those that fail to comply will be fined up to $20 million or 4 percent of global annual turnover for the preceding financial year, whichever is greater. These penalties are so severe that they could put a company out of business in the EU.
Worried? You should be. But it isn’t too late to prepare. Here’s what channel vendors need to know to get ready for the May 25th deadline:
The GDPR was designed to ensure that there will be more transparency between the organizations that collect the data (the ‘Data Controllers’) and the individuals whose personal data is being collected (the ‘Data Subjects’). This means vendors will need to secure consent before collecting data from their partners or their partners’ customers.
Vendors that collect data from partners will be limited to only what is relevant and clearly disclosed to the individual. Data stored by a vendor that is deemed excessive, such as personal contact information or social media handles, could be considered non-compliant.
Vendors will need to ensure data is stored in accordance with the security provisions of the GDPR. This means vendors are required to use “appropriate technical and organizational security measures” to safeguard personal data. Depending on what data is being collected and how it is being used, companies should consider encryption and use anonymization or pseudonymization methods to protect it within their systems.
Partners will have the legal right to request that a vendor update their data if the information is no longer accurate. If the partner requests at any time that their data be deleted, the vendor has to comply with that request and confirm the deletion, not only from its own systems but from any downstream systems that were processing that data on behalf of the vendor.
Vendors can only hold on to a partner’s data for as long as is necessary to fulfill the intended purpose of collection, and to comply with any other regulatory commitments. This means that if a partner leaves a vendor’s program, the vendor will need a data retention policy that specifies how long it will retain the partner’s data and the justification for holding on to the data for that period.
Given the immense amount of partner data vendors manage, it’s critical that they follow these new regulations closely. If you’re still using a spreadsheet or homegrown solution to manage your partner data, now is the time to make a change.
With Impartner PRM, vendors can establish the level of transparency required to ensure compliance with the GDPR. The contemporary partner portal makes it easy to maintain partner data while achieving a heightened level of security through pseudonymization.
Worried your current PRM solution isn’t compliant? Don’t worry — Impartner can have you up-and-running with Impartner PRM in less than two weeks, so you can be ready for the May 25th deadline.