11 things to consider when looking for a GDPR partner


Everybody is talking about GDPR compliance. With only 8 months to go before the regulation applies, companies around the world are considering solutions to help them get compliant. The tightening of the rules on processing personal data about customers and employees affects whole businesses, not just the marketing and HR departments. So how can you make sure that your chosen GDPR partner has your best interests at heart?

We’ve compiled a list of 11 key things to look out for when looking for somebody to help you tackle your GDPR compliance.

1) How long have they been talking about compliance? 

GDPR may be the hot topic of the day, but compliance and regulation have affected IT departments in some sectors for years. The better GDPR partners will already have this knowledge and experience under their belts. We recommend using a company that has a good portfolio of banking, legal and insurance clients, where data protection and audit requirements were routine long before the GDPR.


2) Vendors and partners

Businesses that act as both a vendor and a partner are good choices. For example, if the company you choose is a Microsoft, Veritas or even a Google partner, it operates as an extension of the product offering, services and values of these vendors, who will have GDPR compliance at the forefront of their wider business strategies. Ask for evidence of the partnership status and of the vendor's own GDPR commitments rather than taking the logo on the website at face value.


3) ISO 27001

The GDPR encourages the use of certification schemes, and ISO 27001 is the international standard for information security management systems. Companies certified to ISO 27001 deliver the appropriate technical controls, policies and procedures, and promote a culture of information security awareness, so data security is enhanced not only throughout their business but yours too. Bear in mind that ISO 27001 is not itself a GDPR certification: it is evidence that a partner has taken appropriate technical and organisational measures (the Article 32 security obligation), but it does not cover the other GDPR duties such as lawful basis, transparency or data subject rights. Check that the certificate's scope actually includes the services the partner will deliver to you.


4) ITIL

Your partner should follow ITIL best practices and help you use them to implement and adapt your processes for GDPR compliance. As part of the GDPR you will need mechanisms in place to deal with data subject requests, for example requests for access or erasure, which must normally be answered within one month. The ITIL request fulfilment practice gives you a defined, measurable process for logging, routing and closing the volume of requests you may receive, rather than handling each one by hand.


5) Have they worked in/with regulated environments before?

A partner who has worked with clients that already comply with industry regulation will know that GDPR compliance means much more than data discovery. True experts understand the bigger picture and will advise you on the best way forward based on their knowledge and experience of working in regulated environments.


6) Subject matter experts

It goes without saying that anybody you bring on board to help you get compliant should be an expert. Knowing about the GDPR is one thing, but hands-on experience, good relationships with other experts in the field and access to specialist tools are what set apart the very best.


7) Are they themselves GDPR compliant?

There is no point in investing your valuable time and money in a company that isn't GDPR compliant itself. If the partner will handle your personal data, it is a processor under the GDPR and you will need a written contract with it that meets the Article 28 requirements, so ask how it intends to satisfy them. Thought leaders and GDPR innovators will always be the companies that lead by example.


8) Will they ACTUALLY help me become GDPR compliant?

As we mentioned, many companies are offering to get you compliant, but will their product actually help you? Different types of businesses hold different kinds of data and process it for different purposes. The more knowledgeable players in the industry will not offer a one-size-fits-all product.


9) Are they enabled to work with a variety of technologies/IT systems?

Your GDPR partner might have the tools to get 5,000 Microsoft users compliant but may not be set up to work with the specific IT systems YOU have in place. Perhaps you use a range of different systems and tools and need somebody who can adapt their process accordingly. Make sure that the partner you choose can genuinely help you achieve each of the aims and objectives set out in your GDPR plan. Compromising on service could land your business with a large fine: the GDPR allows penalties of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher.


10) Ongoing support to get compliant, and STAY compliant

So you've invested in getting your company GDPR compliant, great! But what now? Many companies do not offer ongoing support after their solutions have been delivered, yet compliance erodes as systems, staff and data change. Find somebody who will help you STAY compliant, and make that a fundamental action point of any service you consider.


11) People and processes

Getting the data and the technology in your company aligned with the GDPR is probably the easiest part of the wider change involved in becoming compliant. The best value services on the market will be all-encompassing, helping you manage the people and the processes that make up your business so that you get the best out of your investment.



Blogs,Compliance, Governance and Resilience,

2nd October 2017

Isobell Lawrence
