Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their clients’ data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
Category: Data Management / Accountability
Customer: Credit Union Sector
We worked with a number of Credit Unions to document detailed retention policies. This was a complex activity, as a number of significant pieces of legislation govern data retention in Credit Unions, and it was necessary to identify which regulatory requirements attached to each data record. Many Credit Unions have members whose relationship has spanned more than 50 years, and have only recently undertaken projects to digitise those records. It was also necessary to examine whether records could be digitised and held in digital form only, and whether there were still records that needed to be kept in paper form. The result is that the Credit Unions have clear, documented guidance around their retention policies, enabling them to make better-informed decisions about their data management procedures.
The General Data Protection Regulation is risk-based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with its data processing activities. It’s worth noting that the risk to be considered here is the risk to the data subject, as opposed to the risk to the business of non-compliance.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none at all.