Software Buyers – selection criteria and priorities will include GDPR compliance
- All customer organisations incorporated in the EU must comply with GDPR.
- GDPR specifically states that EU businesses (data controllers) must select software vendors (data processors) who can ‘guarantee compliance with GDPR’ [Article 28(1)].
- GDPR will also have a major impact on international key accounts with subsidiaries in the EU.
Software vendors – those who deliver compliant products first will gain a competitive advantage
- “privacy by design” (PbD) becomes the strategic USP for software vendors to aim for.
- Building compliance into product development plans and delivering the promise will take significant effort.
- Marketing communications around PbD need to be handled carefully to ensure buyer expectations are realistic and met on time.
Software Vendors – GDPR creates new requirements for their own Marketing activities
- collection and flow of prospect / customer data must be documented.
- field marketing and campaign processes must be documented.
- data audits and risk assessment must be carried out by privacy professionals.
- GDPR adds the new requirement that compliance must be documented.
- tracking and monitoring of prospects and customers must be documented.
Software vendors – will be obliged to review relations with their own service providers
- Uncertainty over Privacy Shield as the basis for data exports may be resolved in July 2016.
- criteria for reviewing hosted services will include geographic location to minimise risk from non-compliant data transfers.
- service provider contracts may need to be re-negotiated to include Standard Contractual Clauses.