Impacts of EU Privacy law

Software Buyers – selection criteria and priorities will include GDPR compliance

  • All customer organisations incorporated in the EU must comply with GDPR.
  • GDPR specifically states that EU businesses (data controllers) must select software vendors (data processors) who can ‘guarantee compliance with GDPR’ [Article 28(1)].
  • GDPR will also have a major impact on international key accounts with subsidiaries in the EU.
  • Software vendors – those who deliver compliant products first will gain a competitive advantage.
  • “Privacy by design” (PbD) becomes the strategic USP for software vendors to aim for.
  • Building compliance into product development plans and delivering the promise will take significant effort.
  • Marketing communications around PbD need to be handled carefully to ensure buyer expectations are realistic and met on time.

Software Vendors – GDPR creates new requirements for their own Marketing activities

  • Collection and flow of prospect / customer data must be documented.
  • Field marketing and campaign processes must be documented.
  • Data audits and risk assessment must be carried out by privacy professionals.
  • GDPR adds the new requirement that compliance must be documented.
  • Tracking and monitoring of prospects and customers must be documented.

Software vendors – will be obliged to review relations with their own service providers

  • Uncertainty over Privacy Shield as the basis for data exports may be resolved in July 2016.
  • Criteria for reviewing hosted services will include geographic location to minimise risk from non-compliant data transfers.
  • Service provider contracts may need to be re-negotiated to include Standard Contractual Clauses.