Privacy, security, compliance, transparency, and responsibility are the cornerstones of our business. As a processor, and sometimes a controller, of our customers’ data, we fully understand and recognise our responsibility to respect privacy rights and put in place appropriate data protection standards.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European privacy regulation that has replaced the previous EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonise EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all businesses operating in the EU and processing “personally identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable person.
What implications does GDPR have for companies processing the personal data of EU citizens?
One of the critical aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Businesses will need to demonstrate the security of the data they are processing and their compliance with GDPR continually by implementing and regularly reviewing robust technical and organisational measures and compliance policies.
Who is the “Controller”, and who is the “Processor”?
Under the GDPR, when BD Services provides a business with outsourced customer support and processes personal data on behalf of our customer by utilising our customer’s (your) existing system(s) (CRM, backend platforms etc.) throughout such services, BD Services is recognised as the “Processor”, and our customer (you) is recognised as the “Controller”.
When BD Services provides a business with outsourced customer support and processes personal data on behalf of our customer by utilising its in-house system(s) (Salesforce etc.) throughout such services, BD Services is recognised as a “Controller”, and our customer (you) is also recognised as a “Controller”.
How can BD Services’s customers ensure/maintain compliance with GDPR?
We encourage all of our customers to regularly review their privacy and data security processes and policies to ensure compliance.
Depending on which scenario you choose (us using your own existing system(s) or you using our in-house system(s)), we can supply you with either a Data Processing Agreement (DPA) or a Controller to Controller Agreement.
Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
Geographical Application: The GDPR may apply to businesses established in the EU and certain companies based outside the EU that are processing the personal data of EU citizens.
Rights of End-Users: Businesses should be aware of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and businesses must be able to accommodate those rights.
Data Breach Notifications: Businesses that are controllers of personal data should have transparent processes to comply with the GDPR requirement to report data breaches according to the time frames set out within the GDPR.
Appointment of a Data Protection Officer (DPO) and Representative within the EU (Representative): Businesses may need to appoint DPOs and Representatives to manage issues relating to the processing of personal data.
Data Processing Agreement (DPA): If businesses use a third party to process personal data on their behalf, they need to have a DPA in place with the processor to comply with GDPR requirements. BD Services’s DPA can be obtained by submitting a request to firstname.lastname@example.org.