GDPR checklist • step 2

The tricky part.

You are not collecting (new) personal data, but you are sharing personal data. This is a tricky part within the GDPR.

You have to retroactively ask consent to your clients and tell them the purpose of sharing these data with us. If you do have consent, then it is important that you are cautious in the way of sharing this data. Don’t just email an Excel sheet full of personal data. This is sensitive information and needs to be handled with care. Make sure you use a secure way of sharing data with us. You are now the controller* of the data. This makes you responsible and you have to be compliant with the GDPR.

* “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, that determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.