The General Data Protection Regulation (GDPR) is a binding EU regulation (Regulation (EU) 2016/679) that has applied since 25 May 2018. It replaced the former Data Protection Directive (95/46/EC) and the diverse national laws that implemented it.
Affected businesses have to meet several requirements in relation to how they collect and use the personal data of individuals in the EU, whether or not the company itself is European. Note that the regulation protects people who are in the EU regardless of their citizenship, not only EU citizens.
The GDPR was introduced to strengthen individuals' right to data protection and, in the longer run, to simplify the handling of this data for organizations by replacing a patchwork of national rules with one regulation.
The GDPR (Article 4(1)) defines personal data as follows:
"Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Complying with the GDPR involves comprehensive changes to your policies, processes and possibly your systems.
If you determine the purposes and means of processing personal data, for instance by deciding which customer or employee data to collect and what it is used for, you are considered a data controller no matter where in the world you are located. The controller carries the main data protection responsibility under the GDPR and has to meet several requirements, including being able to demonstrate compliance (accountability).
If you process personal data on behalf of a controller, for instance as a hosting, payroll or marketing service provider, you are considered a data processor. Regardless of where in the world you are, you have to meet several requirements under the GDPR, such as processing the data only on the controller's documented instructions and keeping it secure.
By now you probably get the gist of it, but maybe there are some questions. Don't worry, we have listed answers to 10 of the most common questions below.
Whether the GDPR applies to you depends on whether you store or use personal data on people in the EU, whether those people are customers, prospects or employees. If you have European employees, you almost certainly store their names, addresses and bank details. Data like that is personal data under the GDPR, so you need to implement the relevant parts of the regulation: you need a lawful basis for using the data (for employee data this is normally the employment contract or a legal obligation rather than consent, since consent is rarely freely given in an employment relationship), employees have rights such as the right to rectification, and you need to be able to document all of this to the supervisory authority.
Whether B2B companies are affected depends on the type of data you are processing. Can the data be used to identify individuals? A business contact's name, work email address or direct phone number can, so for most B2B companies the answer will be yes: you are processing personal data under the GDPR and need to comply on the same terms as B2C companies.
Companies outside the EU are affected too. If you process personal data of people in the EU, for instance by offering them goods or services or by monitoring their behaviour, you need to comply no matter where you are located, EU member or not (Article 3).
Not every company needs a data protection officer (DPO). Although an early draft of the GDPR used a headcount of 250 employees as the trigger for a mandatory DPO, the final regulation has no such threshold. Under Article 37, a DPO is mandatory for all public authorities, for organizations whose core activities involve large-scale processing of special categories of personal data (such as health data) or of data on criminal convictions, and for organizations whose core activities involve "regular and systematic monitoring of data subjects on a large scale". Large retailers that track customer behaviour across stores and online channels typically fall under the last category. If you are unsure whether this applies to you, seek legal advice.
There is a limit on how long you may keep personal data. The GDPR's storage limitation principle (Article 5(1)(e)) means that personal data may not be kept in a form that identifies individuals for longer than is necessary for the purposes it was collected for, so you need documented retention periods and a way to delete or anonymize records once they expire. Personal data may be stored for longer periods only for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and then subject to appropriate safeguards such as pseudonymization.
Individuals can take their data with them. This is a data subject right called the "right to data portability" (Article 20). The GDPR explicitly says: "The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided." In practice this means being able to export a person's data in a format such as CSV, JSON or XML, not as a PDF or a screenshot.
The GDPR has a big impact on the way you do your marketing, not to mention whom you can target, and that goes whether you are in B2C or B2B. Where you rely on consent, it must be freely given, specific, informed and unambiguous: each targeted individual must clearly agree that you may use their data to market to them. Before, you could collect contacts, put them in your database and then use their data on platforms and for purposes other than those for which it was originally collected. Under the GDPR, consent has to be specific to that particular processing operation, so you cannot request open-ended or blanket consent to cover future processing. If you want to market to someone in a new way, you will have to collect a new consent for that specific purpose. Furthermore, you need to manage all of these consents so that you can document them to the authorities on request. Consent is not the only possible lawful basis (Recital 47 names direct marketing as a possible legitimate interest), but electronic marketing by email or SMS is additionally governed by the ePrivacy rules, which generally require prior opt-in consent.
Personal data can be transferred outside the EU, but the recipients have to live up to certain data protection standards. The GDPR permits personal data to be transferred to non-EU countries and organizations that the European Commission has found to provide an "adequate" level of protection, or otherwise under appropriate safeguards such as standard contractual clauses (SCCs) or binding corporate rules (BCRs), with a few narrow derogations (Article 49) for specific situations such as the explicit consent of the data subject.
The GDPR is also designed to make it simpler for organizations to manage personal data in a multinational environment and to reduce the risk of businesses being involved in seriously damaging data breaches. In most aspects it has replaced the differing national laws, with the aim of harmonizing data protection rules throughout Europe. Additionally, each member state has a supervisory authority, and for cross-border processing an organization deals primarily with a single lead supervisory authority (the "one-stop shop"), so it has one place to go with its personal data-related issues.
Not complying can result in huge fines, and the fine is the higher of the two figures in each case. Infringements of the obligations placed on controllers and processors (such as security of processing, records of processing and breach notification) can be fined up to 10 million euros or 2% of total worldwide annual turnover, while infringements of the basic principles, data subject rights or international transfer rules can be fined up to 20 million euros or 4% of turnover (Article 83).
The foundation for complying with the GDPR is that the personal data you collect, store and process is accurate, up to date and accessible, with clear data governance programs and business rules applied, so that you can find every record about a person when they exercise their rights. Master data management can help you do this, and the benefits of well-governed personal data extend beyond the GDPR.
What is master data management (MDM)?
Master data management (MDM) is the core process used to acquire, organize, synchronize, enrich and share master data according to the business goals and operational strategies of your company.
Master data can take the form of product, customer, supplier, location and asset information, in addition to any information sources that drive your business.
The efficient management of master data in a central repository gives you a single authoritative view of information and eliminates costly inefficiencies caused by data silos.
MDM supports your business initiatives and objectives through identification, linking and syndication of information and content across products, customers, stores/locations, employees, suppliers, digital assets and more.
In sum, MDM provides the data transparency you need to run your business better and achieve compliance with regulations.
An MDM solution from Stibo Systems allows you to gain insights across several data domains and achieve synergies between them.
Build trust with suppliers and partners through regulatory and industry compliance, and build customer loyalty by adhering to data privacy standards.
Ensure data for critical decisions is accurate and updated via data governance, automate error-prone manual processes and guard against costly regulatory violations.
Fuel AI, IoT and real-time personalization initiatives with the high-quality data they demand. Drive brand differentiation and deliver greater value, success and ROI.
Proactively pivot or adapt to evolving markets or customer needs. Respond to challenges, quickly onboard products, add channels and manage expansion and M&A.