Don’t turn a blind eye to GDPR compliance! Especially when it comes to your Suppliers and Resellers!
Identify & Classify GDPR Risks
More and more IT leaders are becoming unclear about GDPR compliance guidelines as they relate to specific suppliers and services. This has left many organizations and leaders vulnerable to the consequences of a 4% gross revenue fine for non-compliance.
Working with multinational companies, CloudZen Partners always takes General Data Protection Regulation compliance extremely seriously when vetting suppliers, and has lately found more and more suppliers that do not meet these standards, which has put companies in serious danger.
CloudZen Partners helps companies make the best choices for their telecommunication and infrastructure needs. A typical engagement with our team, which has 20+ years’ experience, starts with a deep audit of existing services and the costs associated with them.
On average, we find a 30-50% savings opportunity, either by eliminating unneeded services or by making a technology change that results in lower cost. We have a strong team of engineers with specialties in different areas who support our clients, so we help our clients make technology decisions based on their unique use case at no cost to the client or uptick in service fees.
What you may not know as an IT leader is that your voice services suppliers, including fixed and wireless, must meet GDPR compliance.
IT leaders have been surprised, and were unaware, that this compliance extends to providers such as TEMs and resellers that touch any international circuits or voice services in countries that follow the GDPR compliance guidelines. There are very few TEMs that are GDPR compliant.
From a reseller perspective, even if the underlying supplier is GDPR compliant, which most tier 1 and 2 providers are, you are out of compliance if the reseller is not. As a consultant, I know as well as anyone that vendor simplicity in a large global network is very appealing and helps to streamline billing and service needs; however, many of the domestic-based resellers are not GDPR compliant.
Due to this, you as the data controller are out of compliance and at risk if utilizing a reseller for your international circuits or voice services. The supplier has no liability, as they are the data processor, not the data supplier, and the liability falls on the data supplier. California has just announced it will be following GDPR compliance guidelines as well; therefore, not only your suppliers who touch international data but also those who touch any data out of California will need to be held to the standard of GDPR compliance.
So what does this mean for you as an IT leader? First and foremost, you need to ask your suppliers to provide you with their “Data Processing Agreement.” If any of your suppliers do not meet the standard, then you need to make an immediate change.