You may be GDPR ready, but are your third-parties? | DMA

Filter By

Show All

Connect to


You may be GDPR ready, but are your third-parties?


Gone are the days when marketing was as simple as creating an inticing campaign, targeting new prospects and handing them over to the sales department. Today, marketers are not just expected to understand what makes customers tick, but to also identify, influence and enhance their experience throughout the whole customer journey.

As a result, marketing departments are often handling personal and sensitive customer data for the creation and execution of customer communications. The handling and processing of this data therefore becomes a vital cog in an organisation’s GDPR preparations, especially when third-parties are involved.

Third-party data processors could include anyone from your Email Service Providers (ESPs), to your Customer Relationship Management system (CRM) to even your favoured direct mail printer: a number of services that you use on a day-to-day basis are third-party vendors that fall under this umbrella.

By now, you will be fully aware of the fines involved if your organisation was to experience a data breach and your processes and procedures were not up to date. As marketing professionals, it’s your duty of care to ensure that your customer’s data stays safe and that your outgoing communications are fully controlled.

So how can you ensure that those third-party vendors you use for delivering customer communications are reaching not only your high standards, but to the standards set by the GDPR?

Recently, I created two pieces of content to help organisations understand what they need to be asking any third-party vendors. Sitting with our Chief Information Security Officer, we recorded six short videos discussing a variety of data security topics such as: data transfer, business continuity and even how to reduce cyber-attacks. The videos are only 60 seconds long, but each give great insight into what can be, sometimes, a very complex area. You can watch one or all of the videos here:

Validating you Vendor - white paper

Our white paper goes that one step further and offers a greater level of detail, providing more of a toolkit to help organisations make sure that they can fully validate their vendors before any data is transferred. The free white paper can be downloaded straight from our website:

The GDPR states that as a Data Controller, "you must be able to demonstrate that personal data are processed in a transparent manner in relation to the data subject".

It’s important you take the time to fully understand who you are sharing customer data with. You need to be certain that they can protect any data you transfer to them and that they have the systems and procedures in place to remain GDPR compliant.

Hear more from the DMA

Please login to comment.