A hands-on report in 11 episodes to become fully GDPR compliant
Enforcement of the EU General Data Protection Regulation (GDPR) starts on 25 May 2018. Bisnode is ready and fully compliant. But it took a huge effort to meet this impressive challenge. After 2 years of intense preparations we are on top of the GDPR mountain and fully ready to help our customers conquer this peak.
The GDPR legislation was launched in April 2016. It raised the bar in safeguarding the data and privacy rights of every EU resident, with stricter rules that apply to every company and organization worldwide dealing with data of EU citizens. GDPR also announced severe fines for failure to comply.
Which steps did Bisnode take to be GDPR ready?
How did we make sure we can continue supporting the marketing activities of our clients with GDPR compliant data services? We bring you the case story in 11 episodes. It gives you a full-scope, first-hand experience of the fine-tuning of all data activities and services: from capture and handling to storage, including encryption, data exchange, obligations for HR, employees and external partners, security issues…
Looks complicated? Glad to help you!
Don’t worry: whenever in doubt about a GDPR data issue, do not hesitate to contact your Bisnode consultant. Getting GDPR ready? Been there! Done that! We’re ready to help and get you on your way.
EPISODE 1: the scope and challenges to get GDPR ready
Who’s involved? Everybody!
Boom: 27 April 2016, the European Union announces its new General Data Protection Regulation, to be effective on 25 May 2018. The new rules impacted the very core of the Bisnode business model. They affected every single company and organization dealing with consumer data from EU citizens. They involved every single person and system connected directly or indirectly with consumer data:
- The entire staff at Bisnode.
- All Bisnode clients.
- All our suppliers.
- All our marketing and internal systems.
A strong basis to build on
Extreme care with data and total respect for consumer privacy are embedded in the DNA of Bisnode. We believe that earning the complete trust of consumers and clients is truly vital for our business.
Privacy has always been our top priority. That’s why we were fully on board when the first privacy legislation was launched back in 1992. Together with major international clients we have built up relevant experience in data security and developed clear processes and strict procedures.
Being part of Bisnode Group gave us international leverage to do so. We have our own legal team. We collaborate with our business federations and take part in committees to anticipate new privacy legislation and prepare for it well in advance.
First challenges to be met
GDPR affected our entire business. It involved people and processes both in our own organization and in the collaboration with our clients, partners and suppliers. Lots of new GDPR concepts had to be integrated: data retention, data minimization, data processing agreement, Privacy Impact Assessment (PIA)…
For a smooth transition Bisnode must provide full assistance to clients: from answering questions to setting up new procedures. IT processes need to meet new requirements: encryption, data transfer and data storage rules, access management, traceability of data, etc. New tasks such as incident management and data subject right management must be fulfilled.
To be fully prepared Bisnode set up an international program at group level, with separate project task forces in each country.
Business critical issues to conquer the GDPR mountain
GDPR also restricts the use of certain data, which impacted the Bisnode data offering. Some data and variables – e.g. related to minors – could no longer be provided.
One of the lawful grounds for data-processing accepted by GDPR is ‘when the data are necessary for the purposes of legitimate interests by the data controller or a third party.’ This proved to be very complicated because these ‘legitimate interests’ must be accepted by the Data Protection Authorities and by the market. Covering this wide legal playing field also involved working together with external lawyers.
Maybe the biggest challenge was and is the emotional one. The new rules and the threat of big fines make marketers worry about the possible risks of their campaigns. Bisnode sees creating clarity and offering full assistance, support and reassurance as a top priority to help its clients comply with GDPR.
Here are some topics of the next episodes of our GDPR case story
- How does Bisnode capture and manage data internally the GDPR way?
- The battle to define ‘legitimate interests’ to process data and contain this in fair legislation, which takes into account the business interests of our sector.
- Evolving our business offering, focusing on ‘Single Customer View’.
- Developing procedures to assist clients when consumers exercise their new data privacy rights.
- Consulting clients on GDPR compliant data exchange and operation.
- IT security: how to encrypt and how to store data correctly?
- How to make Human Resources GDPR ready.
- Risk assessment of partners and subcontractors.
For more information on GDPR please contact your Bisnode consultant.
Need help? Want to dig deeper into the GDPR implications? Our GDPR consultants will gladly answer all your questions.