
How to understand partner compliance for your own good

Uku Tomikas

23 Jan 2018

5 min read


An important aspect of the new General Data Protection Regulation (GDPR), which is easily overlooked, is potential liability from third parties who handle your customer data. If a data breach is caused by a partner, and your customer data is stolen, accounts are hijacked, or any other harm is done, substantial fines may be on their way – to your company.

To help, here are some primary things to consider when managing vendor partners and reviewing their compliance.

First, look at privacy policies and terms of service provided by your partner

They're usually found on their websites. GDPR requires certain privacy policies to be stated, such as the rights of all EU citizens whose data is being processed. These rights include the right of data portability, the right to be forgotten, and the right to a subject data access request. Whether or not these statements are in the privacy policy may indicate compliance.

Does the partner utilize cyber-security tools to prevent data theft such as 2FA or encryption?

The GDPR states that security tools must be in place to match the risks associated with data processing. 2FA is a good way to protect against account hijacking and encryption helps protect stored customer data.

Obtaining consent before data processing – no pre-ticked boxes allowed

Strict rules are in place that restrict data processing and client communications to activities that are mainly either needed to fulfill contractual obligations or deliver the service at the needed level of quality. So, for any other data processing, consent must be a freely given, specific, informed, and unambiguous indication of the individual’s wishes. Thus, checking how consent is obtained can show if the new regulations are considered.

Look over the partner agreements and amend them where needed

Make sure they include the new regulations, then establish agreement between your company and the partner’s.

While there are additional aspects to consider, these four provide a good indication of whether the right kind of steps have been taken, and whether the partners you use can be relied on to provide a compliant service that will not leave you open to litigation, fines, or a PR nightmare.


Uku Tomikas

Lead Sales Researcher

Uku is a part of Messente’s sales lab, taking a systematic and metrics-driven approach to constantly improving the B2B lead-generating process. As a yoga and meditation enthusiast, he likes to keep a solid balance between crunching numbers and petting his pet pup Lucy.
