Share it with your network!
Help your colleagues and friends deepening their knowledge
Who’s involved? Everybody!
Boom: 27 April 2016, the European Union announces its new General Data Protection Regulation, to be effective on 25 May 2018. The new rules impacted the very core of the Bisnode business model. They affected every single company and organization dealing with consumer data from EU citizens. They involved every single person and system being connected directly or indirectly with consumer data:
A strong basis to build on
Extreme carefulness with data and total respect for consumer privacy is embedded in the DNA of Bisnode. We believe that earning the complete trust of consumers and clients is truly vital for our business.
Privacy has always been our top priority. That’s why we were fully on board when the first privacy legislation was launched back in 1992. Together with major international clients we have built up relevant experience for data security and developed clear processes and strict procedures.
Being part of Bisnode Group gave us international leverage to do so. We have our own legal team. We collaborate with our business federations and take part in committees to anticipate new privacy legislation and prepare for it well in advance.
First challenges to be met
GDPR implicated our entire business. It involved people and processes both in our own organization and in the collaboration with our clients, partners and suppliers. Lots of new GDPR concepts had to be integrated: data retention, data minimization, data processing agreement, Privacy Impact Assessment (PIA)…
For a smooth transition Bisnode must provide full assistance to clients: from answering questions to setting up new procedures. IT processes need to meet new requirements: encryption, data transfer and data storage rules, access management, traceability of data, etc. New tasks such as incident management and data subject right management must be fulfilled.
To be fully prepared Bisnode set up an international program at group level, with separate project task forces in each country.
Business critical issues to conquer the GDPR mountain
GDPR also restricts the use of certain data, which impacted the Bisnode data offering. Some data and variables – e.g. related to minors – could no longer be provided.
One of the lawful grounds for data-processing accepted by GDPR is ‘when the data are necessary for the purposes of legitimate interests by the data controller or a third party.’ This proved to be very complicated because these ‘legitimate interests’ must be accepted by the Data Protection Authorities and by the market. Covering this wide legal playing field also involved working together with external lawyers.
Maybe the biggest challenge was and is the emotional one. The new rules and the threat of big fines make marketers worry about the possible risks of their campaigns. Bisnode sees creating clarity and offering full assistance, support and reassurance as a top priority to help its clients comply to GDPR.
Here are some topics of the next episodes of our GDPR case story
How to handle collected data in line with GDPR?