
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It has probably been on your radar for the last two years, since it was adopted by the European Parliament and Council in April 2016, and you have hopefully put in place processes to ensure compliance.

However, given that this is new legislation with no legal precedents to work from, other than related but different privacy laws, you may still have concerns and areas to focus on.

We have taken steps at Gatekeeper to ensure compliance for ourselves, but our solution can also provide a crucial link to make sure that you keep accurate records of your own commitments and those of your suppliers.

First, some quick background on GDPR

According to the GDPR website, GDPR “is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market.”

It replaces the previous data privacy legislation, the Data Protection Directive 95/46/EC, which had been in force since 1995, and updates it for the way personal data is now collected, stored and processed. Unlike the Directive, which each member state transposed into its own national law, the GDPR is a Regulation and applies directly across the EU.

Key changes include:

  • Increased territorial scope, meaning that any organisation processing the personal data of individuals in the EU must comply with the legislation, even if it has no physical presence in the EU.
  • Accountability: the organisation must be able to demonstrate compliance with GDPR throughout the data lifecycle, not merely assert it.
  • Consent for data processing is more clearly defined; where it is the legal basis relied upon, it must be freely given, specific, informed and unambiguous, and must be obtained in an open and transparent way.
  • Penalties for non-compliance are considerably more severe than under the previous legislation.
  • The rights of access, erasure (“to be forgotten”) and data portability are laid out more clearly. Companies therefore need processes in place to tell individuals how their data is being used, to provide their data to them in a commonly used, machine-readable format if asked, and to erase the data if the individual requests it and no overriding legal basis for retention applies.

Your responsibilities

The first thing to consider is your company’s role in relation to the data in question. The organisation that “determines the purposes and means of the processing of personal data” is the “Controller”, while any suppliers or contracted parties that process the data on behalf of the Controller are “Processors”. Processors might include agency partners, the company that hosts your web servers, or firms supplying software such as email providers.

Ultimately, the controller is responsible for the personal data that it collects and for how that data is used. However, it is also reliant on the capabilities of the processors it works with to maintain the confidentiality, integrity and availability of that data. The GDPR requires that each processor is bound by a written contract setting out the subject matter, duration, nature and purpose of the processing, the controller’s instructions, the processor’s security obligations and the rules for engaging sub-processors. Tight contracts and a high level of justified trust are crucial to ensuring there are no issues.

Depending on the nature of your processing, you may also be required to appoint a Data Protection Officer to oversee all your data management. The requirement applies to public authorities, to organisations whose core activities involve regular and systematic monitoring of individuals on a large scale, and to organisations that process special categories of data (for example health data) or criminal-conviction data on a large scale. The DPO does not have to be a person within your organisation; it could be an external agency or partner. Whoever fills the role must report directly to the highest level of management within your business.

As listed above, you will also need to be able to respond to requests for data access, portability and deletion from individuals without undue delay and, in general, within one month of receiving the request.

The other crucial facet is keeping records of all your processing activities: what personal data you hold, why you process it, who you share it with and how it is protected. This is where having a robust supplier and contract management system in place can pay dividends.

How Gatekeeper can help

A company such as Gatekeeper has responsibilities as a processor for the customer data that we handle, but we can also go further and assist businesses looking to document their processes and record the compliance of their suppliers.

For instance, you can make it a mandatory part of any relevant contract that suppliers demonstrate their GDPR compliance. Specifically, this could include items such as data processing agreements. Use custom data fields to designate certain suppliers as “Data Processors” and then use that status to determine how they should be treated.

With Gatekeeper, you can make this part of your secure workflows, so that a contract cannot progress to sign-off until evidence of GDPR compliance has been recorded against the supplier.

Workflows can also be used to manage the ongoing GDPR requirements throughout the lifecycle, by scheduling periodic check-ins. In both these cases, the Gatekeeper workflows can underpin your data policies.

Gatekeeper can also provide you with an easily accessible record of all existing suppliers to work through to capture their compliance retrospectively.

We’re also pleased to say that Gatekeeper's Information Security Management System (ISMS) is certified to the ISO 27001:2013 standard. This gives you independent assurance that the systems storing your information are managed under a recognised security framework. As with any supplier, it is worth checking that the scope of the certificate covers the service you actually use; certification is evidence of a managed security programme rather than a statement of GDPR compliance in itself.

This helps protect you as the controller in two ways: you can show that you have selected capable suppliers, and you have a central record of all your suppliers and their compliance status should you be required to produce it.

Finally, we’re also a global partner of Amazon Web Services, with five global hosting instances (including Dublin, Ireland). This means you can choose your region to support your data sovereignty requirements. This is particularly relevant when considering the International Transfers requirements of the GDPR: keeping personal data in an EU region avoids the need for a separate lawful transfer mechanism for that data at rest, although any transfer of personal data outside the EU or EEA still requires one.

Between now and May we expect to see a lot more information shared and written about GDPR as companies get themselves and their suppliers into compliant positions. We also expect information security to take an even more prominent position in discussions with prospective new customers. We believe that we’re well placed to answer those questions and to help customers manage their responsibilities effectively.

For more information on how Gatekeeper can support your business with GDPR compliance, get in contact today.

Disclaimer: This article should in no way be taken as legal advice. If you have questions regarding GDPR and how your business can comply then please seek professional legal advice.

Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.
