Moving into 2019 with increased confidence in GDPR Compliance
2018 was a year of continued change and growth in the technology space. We at Spectrum saw significant growth in 2018 and made great strides in adapting to new requisites and regulations to meet our clients’ challenges and requirements.
One of those new regulations was the GDPR mandate. GDPR was 2018’s biggest regulatory change, affecting consumer companies, software vendors and consulting companies alike. With a hard deadline of May 25, 2018, and the possibility of large penalties for noncompliance, GDPR got a lot of attention in the corporate world.
We learned that it was crucial to understand the following key points in order to help our clients become compliant:
- GDPR applies to payees' personal information, such as salary, target incentive, email, etc.
- Clients need to eliminate or minimize the use of payee personal data such as personal email ID, SSN or physical address for sales commission purposes. Most companies already use work email ID and EmployeeID, which are not personal data.
- SPM Consulting partners need to extend their confidentiality agreements with customers and employees to include payees' personal data for GDPR protection.
- SPM Consulting partners also need to include clauses in their customer contracts that help the customer with compliance-related reporting and cooperation with the Supervisory Authority.
- Stricter controls over storage and usage of payees' personal information.
Spectrum made it a priority to update our contracts and confidentiality agreements. In addition, we instituted mandatory security training and other business practice changes to ensure GDPR compliance. Entering 2019, our clients can engage with us, confident that we will do our part to protect their businesses from data breaches.