General Data Protection Regulation Policy
Introduction to General Data Protection Regulation (GDPR)
In the digitally connected world we all live in, the European Union (EU) has taken a monumental step in protecting the fundamental right to privacy of every EU resident with the General Data Protection Regulation (GDPR), which will be effective on May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of.
This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with an EU resident’s personal data in any manner, irrespective of location, has obligations to protect that data. B2BGateway is well aware of our role in providing the right tools and processes to support our users and customers and to meet their GDPR expectations.
At B2BGateway, we have always honored our users’ right to data privacy and protection. We have never relied on advertising as a revenue stream. We have never served ads to our users, and we have no plans to post advertisements in the future. This means that we have no necessity to collect and process users’ personal information beyond what is required for the processing of business documents via EDI and through API connections.
Over the years, we have demonstrated our commitment to data privacy and protection by informally adhering to industry standards for ISO 27001 and SOC 2 Type 2. We already have strong Data Processing Agreements, and we are revising them to meet the requirements of the GDPR. B2BGateway participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework with respect to transfer of data to the US. We recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data.
How is B2BGateway preparing for GDPR?
With a cloud-based presence in over 20 countries around the world and offices in the US, Ireland and Australia, B2BGateway is gearing up to be GDPR compliant across all of its applications by the time the regulation goes into effect. As a data processor, B2BGateway understands its obligation to help customers get ready for the deadline. We have thoroughly analyzed all of the GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them. Some of our ongoing initiatives are:
- Identifying personal data – Although applications for EDI and API data connectivity collect very limited personal data, the minimal data collected has different usage, storage and disposal requirements. Defining the purview of personal data for each of these applications and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation.
- Providing visibility and transparency – The most important aspect of GDPR is how the collected data is used. As an EDI and API Connectivity provider, B2BGateway has no internal use for personal data, but may at times be responsible for moving that data from one organization to another for supply chain purposes. B2BGateway’s role is to provide our customers with the minimal amount of sensitive data which will enable them to effectively complete their supply chain cycle. B2BGateway is exploring ways to make optimal product enhancements without compromising on performance so that we can provide better transparency to our customers.
- Enhancing data integrity and security – Data privacy and data security are two sides of the same coin. As our customers tighten their data security measures, B2BGateway would like to extend a helping hand. We’re streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
- Portability and transferability of data – GDPR gives end users the right to view all data received by B2BGateway which may or may not contain personal data. B2BGateway is working on further enhancing its data access capabilities so that end users will be able to export received data from the B2BGateway system.
What does this mean for our customers?
We understand that meeting the GDPR requirements will take a lot of time and effort. And as your partner, we want to help you make your process as seamless as possible, so that you don’t have to worry about compliance and can focus more on running your business. Some of our product enhancements are about to make it easier for you to:
- Provide access controls
- Encrypt, anonymize or delete user data
- Perform data audits or assessments using data processing logs
- Create provisions for data subjects' rights
- Enhance security for user data
What should you do to be GDPR-ready?
If you are just getting started with GDPR compliance in your organization, here’s a quick to-do list to keep in mind:
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review the current security and privacy processes in place and, where applicable, revise your contracts with third parties and customers to meet the requirements of the GDPR
- Identify the Personally Identifiable Information (PII)/Personal data that is being collected
- Analyze how this information is being processed, stored, retained and deleted
- Assess the third parties with whom you disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Establish and conduct Privacy Impact Assessments (PIAs)
- Create processes for data breach notification activities
- Maintain continuous employee awareness, which is vital to ensure continual compliance with the GDPR