On 25th May, 2018, the GDPR will come into effect in the EU, instigating widespread change in the way businesses handle and process data. The GDPR is designed to protect the privacy of EU citizens, and will require that any business that operates within the EU, or processes the data of EU citizens, has adequate data protection and data breach measures in place. Those businesses who fail to comply with the new regulations are liable to incur fines of up to €20 million, or four percent of annual turnover, whichever is greater.
The GDPR presents both a challenge and an opportunity for the channel, both in how the partner itself complies with the regulation, but also in how they help their customers to follow their lead.
One of the key changes from the Data Protection Act to the GDPR is the new obligations it places on data processors. Under the GDPR, processors will have a set of data protection obligations independent of the terms of the contract they may have agreed with their client. Processors will now be held directly responsible for any breach of GDPR regulations which occurs on their watch, subjecting them to a variety of fines and sanctions.
Additionally, if you decide to employ a third party to process data on behalf of one of your clients, the client themselves must be notified of this fact, and written permission must be obtained.
One of the primary purposes of the GDPR is to empower and protect the individual, and to hold businesses responsible for how they handle the data of those individuals. The challenge for partners in complying with the GDPR, as the people responsible for handling and processing sensitive data, is in acknowledging that privacy and protection are two very different things. Traditionally, privacy has been the priority of the client, and protection the priority of the law, with protection inevitably taking precedence in the eyes of partners, often at the expense of privacy.
Now, with the implementation of the GDPR, and the subsequent empowerment of the individual and their data, the priorities of the partner must evolve accordingly, and begin to recognise data privacy as a priority that they themselves are responsible for, rather than someone else’s problem.
As a consequence, clients will now expect their partners to make the necessary changes to their business operations to ensure that the data in their care is processed in a way that is fully compliant with the high standards set by the GDPR. As ever with regulatory implementation, instead of being seen as a burden, compliance can be leveraged as a competitive advantage, and used as trust signal when marketing your business. This is a unique opportunity for partners to position their business as a market leader in GDPR compliance, as well as enabling them to advise their own clients on the responsibilities that will be incumbent upon them under the GDPR, advice which may prove to be invaluable given the harsh penalties for noncompliance.
Post GDPR, ITAD Services will no longer be an afterthought, but an integral part of every IT Supply Chain. Our Partner Programme enables you to offer this contracted service to your Clients.
With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.