Ingram Micro is a a global technology and supply chain services leader helping businesses realize the promise of technology. Through a spectrum of global technology solutions and supply chain services, businesses across the globe use Ingram Micro’s mobility, cloud and supply chain solutions to operate efficiently and successfully in the markets they serve.
With the passage of the GDPR, Ingram Micro understood there was an increasing risk impacting the company’s privacy practices. To prepare its global privacy program for GDPR, Ingram Micro hired Aaron Mendelsohn in 2016 as the Chief Data Privacy Officer. “We felt that if we could build a program based on GDPR compliance we’d be addressing 90 percent of the data frameworks and legal obligations worldwide,” he said. “We decided let’s get it right with GDPR in Europe and apply those solutions, processes and policies globally within the organization.”
Changing the mindset: a business-focused operation toward personal data protection
Ingram Micro’s operations are primarily B2B transactions. Mendelsohn understood, however, that B2B businesses also collect and process personal data under the GDPR – including employee records and business contacts and end users delivered to Ingram Micro from reseller networks.
“One of the first challenges was to shift the cultural mindset,” he explained. “We don’t deal with personal data in the same way as a lot of other technology companies. Internal education was required for the company to realize that we do process personal data and that we needed to get the tools in place to understand and manage the GDPR risk to the organization.”
Mendelsohn then took a proactive approach to Ingram Micro’s GDPR program. In the two years leading up to the GDPR deadline, he engaged with technology vendors, service providers, legal professionals and professional services to ensure Ingram Micro developed a privacy program with a strong foundation to implement compliance and position the company in the best defensible position.