How to understand partner compliance for your own good

To help, here are some primary things to consider when managing vendor partners and reviewing their compliance.

First, look at privacy policies and terms of service provided by your partner

They're usually found on their websites. GDPR requires certain privacy policies to be stated, such as the rights of all EU citizen whose data is being processed. These rights include the right of data portability, the right to be forgotten, and the right to a subject data access request. Whether or not these statements are in the privacy policy may indicate compliance.

Does the partner utilize cyber-security tools to prevent data theft such as 2FA or encryption?

The GDPR states that security tools must be in place to match the risks associated with data processing. 2FA is a good way to protect against account hijacking and encryption helps protect stored customer data.

Obtaining consent before data processing --no pre-ticked boxes allowed

Strict rules are in place that restrict data processing and client communications to activities that are mainly either needed to fulfill contractual obligations or deliver the service at the needed level of quality. So, for any other data processing, consent must be freely given, specific, informed, and unambiguous indication of the individual’s wishes. Thus, checking how consent is obtained can show if the new regulations are considered.

Look over the partner agreements and amend them where needed

Make sure they include the new regulations, then establish agreement between your company and the partner’s.

While there are additional aspects that to consider, these four provide a good indication if the right kind of steps have been taken, and if the partners you use can be relied on to provide a compliant service that will not leave you open to litigation, fines, or a PR nightmare.

Omni-channel messaging is here

Check out our latest webinar going over the details (plus a demo) of the intelligent A2P messaging API.
Learn more