In continuing our blog series on the upcoming General Data Protection Regulation (GDPR), we’re going to spend a few minutes describing the different obligations the GDPR puts on data controllers and data processors, then leave you with a cheat-sheet with some quick action points to help you identify what tasks you, specifically, may need to ensure you have in place for compliance.
But first, some definitions.
The GDPR defines a data controller in Article 4(6) as:
“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
Whereas a data processor (Article 4(7)) is:
“the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
To give a more concrete example: if you’re an online retailer of widgets, and Jane Doe signs up for your mailing list hoping to learn more about your widgets (or maybe to lurk around until you have a sale), you’ll likely collect her email address—and maybe other contact information—when she signs up. Congratulations! You’ve just become a controller of Jane Doe’s personal data. She’s agreed to receive marketing messages from you, and you as the data controller can determine when and how to send those emails.
Now say you don’t actually send your own marketing emails, maybe you hire an email service provider (ESP) to help you craft your content, schedule the emails, and track and report on delivery. The ESP wouldn’t have rights to do whatever they wanted with Jane’s data, they’d only be entitled to help you draft your campaigns, send your emails, etc., at your request. The ESP, in this case, is the data processor.
Down the road, you decide to do a co-branded marketing effort with close Partner A of yours (which in this case is okay, because when Jane signed up, you got her consent to share her data with Partner A for this purpose). Through the negotiation process, you’ve decided to use Partner A’s ESP rather than yours to send the campaign. So you send your subscriber list (including Jane’s data) to your partner, who uploads it into their ESP. The emails get sent.
By virtue of sharing Jane’s data with Partner A for joint marketing activities, you’ve made Partner A a joint controller of Jane’s data. Partner A will continue to use Jane’s data outside the scope of your relationship with Jane. Partner A’s ESP is still a data processor and will have to adhere to both your and Partner A’s requirements, but you’ve also just introduced some complexities to your relationship with Jane that the GDPR will require you to keep track of.
Under the GDPR, as owners of their data, data subjects are granted rights, such as: (Note that this is not a complete list.)
If Jane decides to exercise her rights and asks to have you delete her data, in the single controller-processor paradigm, it’s fairly straightforward. You delete her data from your system and ask your processor (your ESP) to delete it from theirs as well.
However, in the joint controller model, per Article 17(2), you’ll need to not only delete it from your and your processor’s infrastructure, but you’ll also need to:
“take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure”
In other words, you’ll need to keep very careful records of where you sent Jane’s data and initiate data deletion requests on Jane’s behalf to any other joint-controllers who may have her data. Those joint-controllers will then also need to reach out to any processors they use, and delete Jane’s data from those systems as well.
And that’s just the start of your obligations as data processors and controllers of Jane’s information. See below for a quick list of what will be required under the GDPR, along with where you can find more details in the GDPR.
Implement appropriate technical and organizational measures to protect the security of data.
Implement appropriate technical and organizational measures to protect the security of data.
Art. 32 Security of Processing
Principles of Data Processing
Art. 12 Transparent information, communication and modalities for the exercise of the rights of the data subject
Art. 13 Information to be provided where personal data are collected from data subject
Art. 14 Information to be provided where personal data have not been obtained from data subject
Contractual Requirements with Processor
Adopt Data Protection Practices
Retain Records of Processing Activities
Art. 30 Records of Processing Activities
This is a lot to take in, and may seem like a lot of work. But in the long run, it will keep you and your partners in compliance with European law, and keep your data subjects’ rights protected. Looking for more GDPR insight? You can find more information in the GDPR category on our blog and in our on-demand webinar: The Path to GDPR.
Mark Briggs serves as chairman and CEO of Validity, a company he founded in partnership with Silversmith Capital Partners. He has over 25 years of experience building and leading high-growth technology companies with a strong track record of generating exceptional shareholder value. Most recently, Mark served as CEO of ABILITY Network, recognized in the Forbes Cloud 100 as one of the top 100 cloud companies in the world, which was acquired by Inovalon (NASDAQ:INOV) for $1.2 Billion.
Prior to ABILITY, Mark held executive leadership positions at Carefx Corporation, at NaviNet, was the President of MPI Solutions at QuadraMed Corporation, and served as the Chairman and CEO of LinkSoft Technologies, a company that he founded. Mark is a member of the Board of Advisors to the Dartmouth Guarini School of Graduate and Advanced Studies and is a Senior Advisor to Silversmith Capital Partners, a leading Boston based growth-equity firm.
Mark holds a Master’s in theoretical physics and a Bachelor’s degree in physics, both from Dartmouth College.
Wayne Parslow serves as Executive Vice President of Validity for International and is building a world-class sales and go-to-market team to maximize Validity’s opportunities across the UK & Ireland, EMEA, LATAM and APAC. In addition to general management, he is responsible for the development and execution of business plans, go-to-market programs, sales management, strategic partnerships, and public representation for the International markets, and to develop the business at least in line with the aspirations of the US domestic market.
For over 25 years, Wayne has been successfully building, scaling and restructuring international companies in various industries, including document and workflow management, integration and interoperability, web application development, security, access management, eCommerce, business process management and the application of open source and open standards.
Prior to Validity, he served as head of European, Middle Eastern and African markets for global digital identity company, ThreatMetrix.
Wayne received his Bachelor of Science in Applied Science from Kingston University.
Gary Hall serves as the Chief Financial Officer for Validity. Gary has over 20 years of experience leading finance and operational teams at high-growth, technology companies and helping these companies generate significant shareholder value through public and private offerings and successful exits.
Prior to joining Validity, Gary was the Chief Financial Officer of Casa Systems, Inc., a provider of ultra-broadband solutions for mobile, cable, fixed and converged service providers, and helped lead the company through significant growth, culminating in an Initial Public Offering in 2017. Prior to Casa System, Gary was the Chief Financial Officer of eCopy, a provider of document management solutions, which was sold to Nuance Communications in 2009. Gary was also the Controller and then Chief Financial Officer of MatrixOne, a product life-cycle management software company, and he helped lead the company’s Initial Public Offering in 2000 and the sale of the Company to Dassault Systems in 2006. Gary is a Certified Public Accountant and worked at Deloitte, a multinational professional services firm.
Gary holds a M.S. degree in Finance from Bentley University and a B.S. degree in Accounting from Southern New Hampshire University.
Derek Swaim serves as Executive Vice President of Corporate Development for Validity and is responsible for all aspects of corporate development strategy and execution.
Derek brings more than 20 years of corporate transaction experience to Validity. He has advised leading private equity and founder-owned technology companies on domestic and cross-border strategic M&A, leveraged buyouts, and growth equity recapitalizations. Prior to Validity, Derek was a Managing Director at Aeris Partners, a provider of M&A advisory services to software, digital media, and business information companies. Derek also held investment banking positions at Harris Williams, Broadview International, and Goldman Sachs.
Derek has an AB in Economics from Harvard University and an MBA from Dartmouth’s Tuck School of Business.
Bonnie is passionate about excellent customer experience. With a background in marketing, merchandise buying, and retail management, she helps companies stay relevant amid the changing digital landscape.
Bonnie leads the Customer Success team at Validity, the most trusted name in customer data quality. She is an active Email Experience Council committee member, featured speaker for events, and has written for the company blog and TotalRetail.
Don Williams serves as Executive Vice President of Sales for Validity. With over 25 years in the healthcare technology industry, Don has a track record of creating, restructuring, and motivating organizations to consistently exceed sales, financial and operational goals.
Don is focused on client services for the firm, as well as creating a positive culture of accountability, developing and executing growth strategies, and monitoring business operations with attention to cost efficiency.
Prior to Validity, Don served as the SVP of Operations for MedeAnalytics Inc., a leading healthcare analytics company for providers and payers.
Don received his Bachelor of Science in Business Administration from the University of Alabama in Huntsville. He also received his Six Sigma Green Belt Certificate from Villanova University.
Josh Stuber is a customer centric leader focused on delivering value and leveraging customer feedback to ensure long term relationships. Josh currently runs the Validity Global Renewal Team, responsible for spearheading Customer Retention and Renewals across the globe.
In addition to his executive career, Josh serves on the board of West Georgia Habitat for Humanity, a charity that brings people together to build homes, communities and hope for impoverished families.
Scott Ziegler is Validity’s Chief Product Officer. Leveraging input from customers and analyzing market trends, Scott sets the strategic direction for Validity’s product portfolio. Scott joined Validity through the acquisition of Return Path in 2019. He remains active in the email community and the product management community and has presented at industry events.
Before joining Validity, Scott held leadership roles in Product and Engineering at IBM and Ricoh and holds multiple patents. He has a Bachelor of Science in Mathematics with a minor in Computer Science from Muskingum University.
Helen Parslow serves as Vice President of Validity for International managing a world class go-to-market team to maximize Validity’s opportunities across the UK & Ireland, EMEA, LATAM and APAC.
Helen is a seasoned marketing leader who is passionate about building brands and is experienced in developing and executing insights-driven marketing plans and World class event presence that span both our global and international marketing initiatives.
Prior to Validity, she served as Head of Marketing and Business Development at Medeanalytics, EMEA. Marketing data solutions for healthcare unlocking the value of data for better patient outcomes.
Helen received her BA (Honours) Business studies degree from Nottingham Trent University.
Tunc Bolluk is Vice President, APAC for Validity. He is responsible for leading sales and for overseeing general management of the region for the company. Tunc brings his extensive regional experience in the digital sector to support Validity’s clients across their marketing, sales, data & CRM business units.
For over 20 years, Tunc has worked in general management roles in sales, channel/alliance management, and client services. He has extensive experience leading and mentoring sales teams and executing strategic business plans within the Cloud/SaaS, digital, big data and the ad-tech space.
Tunc holds a Bachelor of Computer Science from Macquarie University.
Chris Bryan serves as Vice President of Sales for the UK & Ireland at Validity International managing Validity’s go to market efforts in the region.
Chris brings 27 year’s experience working for technology companies predominantly SaaS based Software Companies. Chris is passionate about enabling everyone to make better fact based, data driven decisions coming from the Business Intelligence and Visual Analytics space (Qlik, Business Objects (SAP), Crystal Decisions) building and developing highly successful Sales & Business Development teams.
Chris is passionate about Sales Best Practice to deliver positive outcomes with excellent service for our customers and supporting his teams personal and professional growth.
Brian Winters brings nearly 20 years’ experience in the marketing technologies field to Validity and has worked for many marketing technology software companies including ExactTarget, Salesforce, and Movable Ink.
He has held positions in Sales, Sales Leadership, Operations, Strategy, and Partnerships. He has provided tactical execution strategies or program deployment guidance for organizations such as Intel Corporation, Motorola, and 3M amongst many others. He is truly passionate about the positive impact that a well-designed, deployed, and executed partner program can bring to an organization and is considered to be a thought leader in the development of indirect sales channels within the SaaS industry.
At Validity, he leads our efforts to develop programs that empower partners to best leverage Validity technology and solutions for our customers.
As Senior Vice President of Technical Operations, Chris manages PreSales, Sales Enablement and Customer Success teams across Validity’s International business.
One of the first International employees of Validity, Chris brings 25+ years experience as an individual contributor and leader in Pre-Sales, Product Specialist, and Customer Success roles across multiple startup and large enterprise software companies.
With a passion for technology, Chris is a regular contributor to events, blogs and an active member of the International Salesforce Community.
Cecilia Belele serves as Vice President for LATAM. She is responsible for leading sales team and also oversees general management of the region.
Previously she served as Regional Director for Return Path and earlier as Channel Director responsible to develop the partner program for LATAM Region. With an extensive experience leading sales teams and executing strategic business plans she helps Validity to increase its presence in Latam market.
Cecilia has Bachelor of Economy with an MBA for Business and Technology Management
Kevin Randall serves as the Head of the Integration and Project Management offices at Validity. Kevin brings 15 years of experience in Integration, Portfolio, Operations, and IT Service Management as well as a track record of developing the teams, processes, and systems to scale growth oriented organizations.
Kevin received his Bachelors from Bentley University in Waltham MA.
Guy is a passionate advocate for intelligent use of customer data to drive responsive sales and marketing programs. With a knowledge base spanning twenty years, he is globally recognized as an email & data expert and thought leader.
Over the past decade Guy led Return Path’s global consulting team and worked with world-famous clients across 6 continents to improve their email delivery, subscriber engagement and revenue.
Now Validity’s VP for Customer Engagement (International), he continues to explore his passion for email and data and share it with his clients to maximise their program value. He’s a strong believer in giving back to his community, speaking at flagship events, providing training, and producing fresh and insightful thought leadership.
Outside of work, Guy has had long-term involvement with the DMA, currently sitting on the email council and involved with key pieces of research. He is a regular contributor to the industry press, and a 3-time finalist as data storyteller of the year!
Alex Rubin serves as Vice President Business Development at Validity. He is responsible for data acquisition efforts including mailbox provider and filtering company relationships. Alex has worked in leadership roles at several successful start-ups including Return Path (acquired by Validity), RemarQ (acquired by Critical Path), and Rocket Science Games (acquired by Sega Software).
Alex was born, raised and currently lives in San Francisco, CA. He holds a BA from UC Berkeley and an MBA from UCLA.
Brendan Peregrine serves as the Vice President of North American Sales for the midmarket. Brendan has spent the last 12 years in sales leadership roles, building process driven teams that achieve results.
With a background in data and years of working in data related business, Brendan is passionate about coaching problem solving skills in the data and world with his teams. Previously Brendan served as Vice President of Sales at Greenway Health, after spending 10 years in operations and services roles.
Elaine Ginsberg serves as Vice President Sales Operations. Elaine brings over 25 years of operations, sales and product experience to Validity. She has a solid track record building organization infrastructure and executing programs utilizing process, technology and employee engagement to drive rapid growth.
Prior to Validity, Elaine served as SVP Customer Operations & Success for ABILITY Network, a leading healthcare technology company, recently acquired by Inovalon; and held leadership roles with Vitera Healthcare Solutions, Sage Healthcare and Emdeon.
Tom Bartel is Validity’s Senior Vice President of Data Services. Tom has more than 20 years of email delivery, data, technology, operations, and privacy experience. He most recently joined Return Path through its acquisition of ThreatWave, where he served as CEO/Founder. Prior to that, he has held roles at Return Path, MessageMedia (acquired by DoubleClick), and founded several other startups.
Tom is actively involved in key industry organizations, such M3AAWG and ESPC, and advises start-ups and non-profits. Tom has a Bachelor in Speech Communication from Colorado State University.
Karen Friedrich serves as Vice President of Enterprise and Channel Sales for North America. With over 15 years’ experience in enterprise software sales and strategy, Karen has a track record of success in both the private and public sector markets including sales management, product strategy, marketing, channel management, and solution deployment. Karen brings an entrepreneurial drive, strong relationship development skills, and credibility gained through sales and operational experience.
Prior to joining Validity in 2018, Karen served as VP of Channel Sales at MedeAnalytics, Inc. a leading analytics company for providers and payers, and held sales leadership roles at Harris Corporation, Carefx Corporation, and WebMD.
Serving as Validity’s CIO, Steve Doyle is responsible for creating and executing upon the business-aligned vision and roadmap for Information Technology systems and solutions at Validity, including IT Corporate Services, telephony, corporate networking, and Core Business Systems. Steve brings more than 25 years of prior industry experience in a variety of IT roles, all in High Tech, SaaS-based industries.
Prior to joining Validity, Steve was Vice President of IT & Business Systems for Endurance International Group, where he oversaw Corporate IT, Infrastructure, CRM, Data Warehouse, and other mission-critical business applications for Endurance’s 4,000+ employees, globally.
As Vice President of Strategy & Corporate Development, Lily is responsible for developing and executing cross-organizational strategies that drive scale and growth for Validity.
Lily started her career as a consultant at PwC, and has since moved into high-growth technology startups where she has held various leadership positions at industry-leading SaaS companies. Prior to Validity, Lily ran Strategic Partnerships for Optoro – a VC-backed reverse logistics company – where she was responsible for the company’s channel revenue and network of distribution partners. Before that, she was the Co-Founder and COO of Aspire – a tech-enabled employee engagement company – where she managed all business strategy and operations. Aspire was acquired by Raffa, P.C., now a part of Marcum LLP.
Lily graduated Summa Cum Laude from Georgetown University with a BSBA in Finance and Chinese. Hoya Saxa!
Michael Fairchild serves as the Vice President of Financial Planning & Analysis for Validity and brings to us his expertise regarding all aspects of strategic corporate financial planning, and valuable analysis which drives business decisions.
Michael brings 12+ years of financial experience in SaaS technology companies, ranging from start-up companies to large enterprise technology companies. Prior to Validity, Michael supported the growth of a Rhode Island based start-up, from venture backed to private equity sponsorship. Additionally, he spent 5+ years in various roles at IBM in the SaaS finance group, where he supported mergers & acquisitions, integration, and growth of over 10 acquired technology companies into a single business unit.
Michael holds a Master’s of Business Administration from Suffolk University’s Sawyer Business School and a degree in economics from Dickinson College.
Jeremy has over 20 years of strategic sales and customer growth experience, with over a decade of leadership roles within high-growth SAS organizations. He has a passion for growing retention rates and new customer revenue and is driven to empower his teams to exceed goals. A graduate of Auburn University, Jeremy is an avid sports fan and enjoys golfing in his free time.
Diane Gordon is an accomplished C-level executive with over 25 years of driving retention and growth by creating scalable infrastructure in support of profitable P&Ls and customer loyalty, the basis for minimizing churn. She designs and leads the development of market-leading products, programs and solutions, achieving high growth, while ensuring customer loyalty, and healthy renewal and NCVI rates for technology companies. Diane’s career includes executive roles in customer care, operations, marketing, product development, product management and corporate development.
As Vice President of Product Management at Validity, Greg is responsible for the business’s email deliverability, certification, validation, creative, and API solutions. He works closely with industry operators, customers, and data analytics to drive an informed product strategy from concept to completion.
Greg has BSBAs in Economics, Finance and Real Estate from University of Denver and an MBA from Dartmouth’s Tuck School of Business.
As Senior Vice President of Marketing, Kate leads all of Validity’s marketing efforts.
Prior to Validity, Kate was Vice President of Marketing at Drift, where she discovered her passion for helping and marketing to sales professionals and marketers. While there, Kate built the demand generation function from the ground up, achieving more than 200% in pipeline growth. Before Drift, Kate led the demand generation and marketing operations teams at SmartBear, where she managed the pipeline generation for a portfolio of more than 20 products.
Kate has also led marketing and product for a number of early stage startups ranging in size and industry, from education and healthcare to employee engagement. She is passionate about bringing businesses to life in the hearts and minds of prospects and customers by creating amazing customer experiences across the entire customer lifecycle.
Kate holds a Bachelor’s degree in Spanish Language and Literature from Regis College.
As Senior Corporate Counsel, Eduardo owns the global legal function at Validity.
Eduardo has practiced law for more than 20 years in both corporate and law firm environments. Eduardo has broad legal experience in SaaS commercial transactions, risk management, M&A, due diligence, entity and product integrations, intellectual property, data privacy, regulatory compliance, and corporate governance.
Eduardo has an LL.M. in Securities and Financial Regulation from Georgetown University Law Center, a J.D. from the University of Pittsburgh School of Law, and a B.A. from the University of Dallas.
Jim co-founded Silversmith Capital Partners in 2015. At Silversmith, Jim focuses on investments across the firm’s two core verticals, SaaS & Information Services and Healthcare IT & Services. He currently serves on the Board of Directors of Absorb Software, Centauri Health Solutions, Impact, PDFTron Systems, RedAwning Group, and Validity. Jim first worked with his partner Todd MacLean at Summit Partners in 1996.
Jim spent 15 years as a growth equity investor prior to co-founding Silversmith. Jim joined Spectrum Equity in 2002 and became a Managing Director in 2009. At Spectrum Equity, Jim sourced, led, and served on the board of numerous enterprise SaaS, information services, and healthcare IT companies. Investments of note included MedHOK (acquired by Hearst), Net Health (Chairman of the Board, acquired by Carlyle), and Passport Health Communications (acquired by Experian).
Jim received an AB, magna cum laude, in English & American Literature from Harvard College (1997). At Harvard he was nominated by the College for a Rhodes Scholarship and awarded the John P. Reardon Jr. Award as the class’ most outstanding scholar-athlete.
Jim lives with his family in Boston. Since 1997, he has served on the Advisory Board of the Harvard Varsity Club.
Sri joined Silversmith Capital Partners in 2015 and is a General Partner. At Silversmith, Sri focuses on investments in SaaS & Information Services, including sales, marketing and customer service related technology companies. His investment experience at Silversmith includes ActiveCampaign, DistroKid, Impact, PDFTron Systems, RedAwning Group, and Validity.
Prior to Silversmith, Sri was Senior Director of Advertising Products at salesforce.com where he served in various roles to create and scale the Salesforce Marketing Cloud business unit after joining Salesforce through its acquisition of Buddy Media. Prior to Buddy Media, Sri was an Associate at TA Associates and an Analyst with Jefferies Technology Investment Banking group.
He graduated from the Jerome Fisher Program in Management and Technology at the University of Pennsylvania with a BS from The Wharton School and a BAS from the School of Engineering and Applied Science.
Mike Volpe is the CEO at Lola.com, a business travel website that aligns managed travel policies with employee preferences for organizations to have a more controlled, yet fun, travel experience. Prior to Lola.com, Volpe was the CMO for HubSpot helping the company grow from a dozen beta customers to over 15,000 customers, 1,000 employees, $150 million in revenue, and creating an IPO leading to a $1.7 billion market cap.
Volpe has made more than 25 angel investments with 4 exits including HubSpot, Cybereason, Locately, GroSocial and ThriveHive through Operator.VC. He serves as an advisor to a number of companies and is on the board of directors of Repsly, a mobile CRM company and was on the board of Attend until they were acquired by Event Farm. Volpe has built his career in marketing at a number of different startups in Boston and San Francisco.
Mark Hastings is the Founder and CEO of Providence Strategic Growth. PSG has approximately $5B in AUM and has invested in over 200 software companies in North America and Europe. The firm is headquartered in Boston, MA and has offices in London, UK and Kansas City, MO. He received a Master of Business Administration from the Wharton School at the University of Pennsylvania and a Bachelor of Arts from Colorado College.
Tom Reardon joined Providence Strategic Growth in 2015 and is a managing director. Mr. Reardon is currently a director of FluentStream, Formstack, INE, LogicMonitor, ShootProof, SignUpGenius and Skybox Security. Prior to PSG, Mr. Reardon was a general partner at WestView Capital Partners, where he focused on software and technology-enabled business service investments. Before WestView, he was a director at CIBC Capital Partners. Mr. Reardon received a Master of Business Administration from Harvard Business School and a Bachelor of Arts from Harvard College.