Due to the complex and all-encompassing nature of the GDPR directive, Trillium has implemented a three-tiered approach to GDPR:
Looking at how we store and manage our own data first, Trillium is in the process of defining and addressing internal data, both as a controller and processor. Specifically, we will be addressing how we manage the retention of any customer data within our network. We are striving to achieve compliance on this aspect by the end of October 2017. We recognise that completing this exercise early will allow us to better assist our clients on this topic in the future.
We are also reviewing our agreements to establish the legal frameworks needed to enable the contractual requirements needed for us to be regarded as a Processor for clients. Existing agreements will receive addendums in early 2018.
As providers of core data management platforms, both CRM and Website, we are developing a standardised approach to the management of data within these systems that is better aligned with the GDPR principles. In addition, we will be providing a set of tools to help manage data more effectively and deal with any issues both proactively and reactively. We will be working with our platform providers and partners e.g. Microsoft, Sitecore, Umbraco, dotMailer, etc. to ensure the solutions and tools are complementary and work with their approaches to GDPR compliance.
These tools will be included in any new software releases from November onwards and available to existing customers from January 2018.
We recognise that we play a key role in helping our clients better understand the practicalities of how GDPR impacts their organisations and providing any need consulting to help them obtain a practical level of GDPR preparedness. We will shortly be hosting preparation workshops for clients to create a framework on which they can base their GDPR strategies if needed. We have assembled a team of external consultants to assist in this. These consultants are experts in the legal and membership association specific areas.
We will begin a process of analysing each of our clients environments that are known to us and suggesting some technical courses of action that might be required for each to better their GDPR preparedness in the coming months.
These workshops and consulting sessions will begin in September and be hosted quarterly to update and support customers through the process. We will also be providing a monthly newsletter bulletin to clients updating them on any new developments.
While we recognise the challenge this represents to our clients, specifically those in the membership and charity sector, we strongly feel that the industry as a whole will benefit from better management of their members, donors and stakeholder personal data.