EPISODE 2: How does Bisnode handle collected data the GDPR way?

13 Apr 2018

The benefits of a ‘Single Customer View’ 

Long before GDPR appeared, Bisnode already took great care to handle personal data with full respect for privacy and confidentiality. GDPR mainly added the obligation to formalize the Bisnode processes for data collection and handling.

One process Bisnode already applied was comparing source partner data and reference data files to optimize the quality and to create a Single Customer View. This allowed us to provide our clients with better and cleaner data. Some source partner data are better than others because e.g. they are updated or corrected more regularly.

How GDPR impacted our reference data lists 

It is essential that all data that Bisnode receives from partners are fully GDPR-compliant in the way they were collected, processed and delivered. 

As a result of GDPR some data can no longer be used:

  • GDPR prohibits  to process personal data relating to minors without the consent of their parents. This implies that data from persons under 18 are out of bounds. The age limit of 18 years still could change in the future.
  • Was the legal phrase that accompanies consumer registration not in compliance with GDPR? Then these collected data can no longer be used.
  • All data that were collected in any way that is not GDPR compliant can no longer be used. 

Respecting the data subject’s rights 

GDPR gives EU citizens – the so-called ‘data subjects’ - specific rights concerning their data. Bisnode is implementing all necessary procedures to respect these individual rights. We wish to emphasize about 3 of these rights : 

The right to access

Data subjects can contact Bisnode via mail, containing a copy of an official ID document. On their request Bisnode will provide them with all the available data. 

The right to rectification

Bisnode will install the GDPR compliant procedure to enable data subjects to adapt, correct or complete their data. 

The right to be forgotten

The right to be erased from a database entails a very complex process. There’s a possible risk that the citizen’s data after being deleted from the Bisnode files could re-enter the reference data list via an external partner. Bisnode has developed a solution to prevent this. 

For more information about these rights, see the website 

Guaranteeing GDPR-compliant traceability 

GDPR prescribes that data must be traceable across data workflows, both internally and externally. The entire process needs to be logged. First there’s the collection of data by partners. Then Bisnode uses these data to build a reference data file. Tailored to the specific needs of a Bisnode client a specific  list is assembled. GDPR compels Bisnode to make the delivered data traceable in order to register why and how they are used. 

From which GDPR compliant sources does Bisnode collect new data? 

That’s the subject of episode 3.

Looks complicated? Glad to help you!

Looks complicated? Glad to help you!

Don’t worry: whenever in doubt about a GDPR data issue, do not hesitate to contact your Bisnode consultant. Getting GDPR ready? Been there! Done that! We’re ready to help and get you on your way.

Subscribe to our newsletter