Your company handles clients’ and partners’ business data and you need to become compliant with the GDPR, but you are concerned about the complexity and costs on your way to fully embracing this regulation. Perhaps you aren’t aware of all the processes that should be included in the compliance project, or you’re not sure if your personnel are ready to face the challenges. Learn how to successfully answer this challenge from the real-life example of a specialist technology company: Resonate.
Compliance officer explains how Resonate did it
This globally-oriented enterprise, with offices in Netherlands, United Kingdom and Slovakia, provides Unified Communications and Collaboration services to its customers across the world (more specifically: professional consultancy services and full end-to-end managed services). Visit the Resonate website to learn more about the company’s services and how they could help your business. Resonate Consultancy Ltd was founded in 2015 by a group of colleagues recognizing the potential of this new way of communicating and collaborating. We did a quick question & answer session with with Douwe Visser, who is one of the company’s founders and partners, as well as the director and compliance officer. We wanted to find out how they implemented the GDPR within Resonate.
Visser is an expert with 15 years of experience working in the oil industry for Shell and Kuwait Petroleum. He also has 20 years experience within the telecom industry, working for multiple international providers such as Tele2, Verizon Business and AT&T. His experience has primarily been in project management and delivery of complex customer network solutions. Recently, he has managed the deployment and support teams in nearshore countries for what has been recognized as the largest global Microsoft Unified Communications and Collaboration implementation for one of the world’s leading oil and gas companies. Here is how he conducted the GDPR compliance project.
Besides the mere obligation of being GDPR compliant, why did Resonate decide to become compliant? What was your main reason?
Resonate understood the importance and criticality of data protection and the responsibility that all companies have to adhere to the necessary legislation and standards.
When and how did you become fully compliant?
We became compliant in Q1 2019.
What types of data do you process in Resonate? How sensitive are they? Do you also process video and audio data coming from your products and services?
The data we are processing is considered “Business data” and does not fall in the category “sensitive data.” Think of name, E-mail address, Telephone number, IP address.
How do you solve cross-border issues?
By signing an agreement between companies where we state we are acting as data controller or data processor.
What do you consider as the biggest data protection challenges in your industry?
We see the human factor as the biggest challenge in protecting data. Technically, you can have all measures in place but ultimately, it’s the people that handle the data, store it and protect it.
Which measures do you take to protect your users personal data and privacy?
Ensuring we have the right technical security in place; for example encryption of data, and firewalls to protect data to be accessed.
Are there any most common myths or questions about data protection that customers ask you?
Common questions asked by our customers are: “Is my data securely transmitted and safely stored?” and ‘’Where is my data stored?’’.
Which challenges did your company face while taking the implementation processes? How did you solve them?
We regarded the GDPR implementation process as a guideline of things that needed to be in place to become compliant. We realized that there were processes that we hadn’t thought of but became apparent during the implementation process. As examples I can mention, the data processing agreement between companies often as an addendum to the commercial agreement and the Privacy Statement.
How did Advisera’s EU GDPR Documentation Toolkit help you in this process?
Advisera’s toolkit was very beneficial to Resonate and provided a structure and templates that ultimately ensured we would become compliant. The instruction videos were also helpful.
How did Advisera’s EU GDPR Data Protection Officer Course help you as the compliance manager?
It helped me as Data Protection Officer to understand the GDPR framework, how to use the GDPR templates and provide the input for the training of our employees.
You seem to transform your customer’s business and influence the evolution of the technology and the industry. What are your plans for the future when it comes to communication with customers who are striving for excellence?
To answer this question what better can I do than referring to our mission statement: “To be the company of choice for guiding customers to their unique journey from legacy to a Unified Communications & Collaboration solution. Saving them money and making their business more productive, unlocking limitless potential for innovation.”
For help with deciding on how to approach your compliance project, download this free white paper: Implementing EU GDPR with a consultant vs. DIY approach.