Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their clients’ data. Here are the top three errors suppliers make and five suggestions to avoid them!
Category: Legal Basis Management / Accountability/Governance
Customer: ANSAC Credit Union
As part of our Data Protection Officer services for ANSAC Credit Union, we documented a marketing policy to ensure that the lawful basis for processing was clear for all marketing activities. Marketing in this context was undertaken by the Credit Union on the basis of consent or legitimate interest. For all legitimate interest marketing, we documented a legitimate interest assessment to ensure that the legitimate interest being pursued by the Credit Union does not outweigh the individual’s right to privacy. The Marketing Policy provides a clear approach for staff to use when undertaking any marketing activity to ensure that the legal basis can be relied upon in each case.
When looking to outsource the DPO role I needed to ensure that whoever we chose we could work with. I find the team in Fort Privacy very approachable and all queries from us are explained in clear English. All work is completed in a timely manner and in consultation with our team here in ANSAC. I have no hesitation in recommending Fort Privacy as an outsourced Data Protection Officer or for once-off reviews in relation to data protection and compliance.
The General Data Protection Regulation is “risk”-based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with its data processing activities. It’s worth noting that the risk to be considered here is the risk to the data subject, as opposed to the risk of non-compliance to the business.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none at all.