Understand the responsibilities and risks around GDPR compliance for Channel Programs.
The new GDPR regulation makes significant changes to how channel programs can email partners.
Every channel organization is a dynamic and complex machine driven by interactions with its prospects, its partners, and its partners’ contacts, as well as by the technology that enables these communications.
The regulations for these interactions have become more complex with the European Union General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018.
What is GDPR and Who Does It Affect?
Any organization that processes data about individuals in the context of selling goods or services to ‘Data Subjects’ (what we refer to as Contacts) in European Union countries, regardless of the organization’s location, will need to comply with the GDPR. This new data protection law strengthens individual rights around consent to be contacted and the reasons for which they are contacted, and requires increased attention to data security, both procedurally and technologically.
It is paramount for channel organizations to be prepared because the penalties for non-compliance are clearly outlined in the law and significant enough that they are not worth the risk of breach. Read the Regulation here.
At Channeltivity we are prepared for when GDPR goes into full effect on May 25, 2018, and want to help Channel Marketers understand how the regulations will impact partner marketing strategies going forward.
This document is not intended to provide legal advice. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.
What Does GDPR Mean to Channel Marketing?
At its core, the GDPR is about having documented consent for sending marketing email to a recipient. In the event of a violation, it is up to the sender to prove that consent was given. Specifically, any data held (contact information) must have an audit trail that is time stamped and reveals what the contact opted into, and how.
The further removed you are from the collection of data, the higher the risk of non-compliance becomes. For example, running marketing campaigns on behalf of your partners carries greater risk: for you to email a prospect, you need to ensure that your partner got permission specifically for you to contact that prospect, and for what purpose, with a clear audit trail. Permission for the partner alone to send email to that prospect is not enough.
In addition, giving your partners marketing automation tools within your channel portal increases your risk because you are enabling email marketing without holding the consent audit trail.
Because of this, it is recommended that Channels focus on tried and true through-partner marketing strategies: support your partner’s campaigns with planning, content, and funding, and enable easy deal registration. You create and manage your own marketing campaigns to generate opt-in leads and distribute these leads to your partners. Each party is then responsible for their own consent documentation, lowering your risk of violating the GDPR.
Questions to Ask to Ensure Your PRM Provider Is Compliant
Whether you currently have a Partner Relationship Management (PRM) solution in place or are considering one, there are important questions to ask to ensure the solution provider is doing their part to comply as a data processor:
- Do they have a GDPR addendum to their contracts? This addendum should protect you in the event the PRM provider (considered a Data Processor by the GDPR) violates the GDPR.
- Is the PRM built on a fundamentally secure solution stack such as Oracle or Microsoft, or is it built on an open source platform such as WordPress? Open source platforms, by their nature, may be more vulnerable to data breaches.
- Is there customization work required to set up your portal? If so, who performed any customizations? Are they on or offshore? What type of risk mitigation procedures do they have in place?
- Are they true single source multi-tenant? See our ebook for more details.
- Do they use their own hosting facility or rent space, where they bear the burden of ensuring security, or are they using a managed facility such as Microsoft Azure or AWS (Amazon Web Services)?
Understanding your risk of system breach is critical to knowing what kind of trust you should place in your solution provider.
Channeltivity is compliant and ready to help you navigate and thrive under this new regulation.
For more details, please read our eBook, Preparing for GDPR: What Channels Need to Know to be Ready