Axeptio Partners

Help your customers,
increase your revenues

GDPR imposes specific obligations on subcontractors whose liability may be incurred in the event of a breach. Because you are not all lawyers and because your schedule is already full, Axeptio allows you to secure your business while generating new revenue without effort

#1 - GDPR compliance:
Am I really concerned ?

Since you have participated in the creation of their website, your clients naturally turn to you to make the necessary changes in the RGPD. To simplify the task for digital marketing professionals, the CNIL has published a guide for the subcontractor which highlights 3 new reflexes to adopt.

THE 3 COMMANDMENTS

1.

I help my clients to ensure compliance with data protection, notification of violation and impact analysis obligations.

2.

When a person exercises his rights, I help my clients to follow up their requests (access, rectification, deletion, portability, opposition, specific request).

3.

If, in your opinion, your client's instructions constitute a violation of the data protection rules, you must inform him immediately.

#2 - Your obligations
as a subcontractor

Concretely, you will have to adopt new practices before,
during and after each of your interventions.

BEFORE ...
Concrete commitments

- Establish with your client a contract or other legal act specifying the obligations of each party.

- Write down the instructions of your client regarding the processing of his data to prove that you are acting "on instruction".

- Ask for the written authorization of your client if, as a subcontractor, you are calling a subcontractor yourself.

DURING ...
New reflexes

- Obtain the informed consent of visitors to the site and respect the principles of minimization (collect only the necessary).

- Take into account the new rights of people (right of withdrawal, portability, transparency of data collected, ...).

- Set up the HTTPS to ensure the confidentiality and integrity of the data sent.

AFTER ...
Advanced security

- You must notify your client of any violation of his data.

- You must take all measures to ensure a level of security adapted to the risks.

- At the end of your service, you must delete all the data or send it back to your client.

#3 - The collection of consent:
a building site not to be neglected

Consent is the most sensitive piece in this plan of action. More than just a checkbox, a real technical project is hiding behind. Indeed, the requirements of the legislator in terms of information and ergonomics are such that it is easy to invalidate an entire customer base for a single breach during collection. Much more than a compliance, it is also a marketing challenge. After experiencing mass marketing then personalized marketing, we go straight to a chosen marketing where legal design will gradually become a global standard.

#4 - A real business opportunity,
by integrating Axeptio into a turnkey offer

Your customers expect a complete intervention to ensure their security: It is interesting to integrate Axeptio into a more global proposal around RGPD compliance: Strengthening security (https ...), updating consents and creating an interface control (with Axeptio), review of contractual documents, employee awareness of privacy, ...

To help you get this new market, Axeptio teams have designed white label tools that you can download and use for free.