Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors when dealing with breaches of their clients’ data. Here are the top three errors suppliers make and five suggestions for avoiding them!
I always think data protection is a bit like housework. It's only when you don’t do it that it becomes noticeable. The dust starts to gather, the floors get sticky, windows get streaky and visitors start refusing offers of cups of tea on (unspoken) health grounds. You only notice the gaps in your data protection practices when something goes wrong and you have to handle the fallout.
That has been the way with data protection in Europe over the past 20 years. Companies mostly muddled along. Very few houses were spotless and no great harm came to most of them.
The GDPR is clearly aiming to change all that. My reading of the legislation is that it’s adopting a “carrot and stick” approach.
The stick is, of course, the headline-grabbing fines that can be levied on businesses that fail to meet their data protection responsibilities. Up to €20 million or 4% of global annual turnover, whichever is higher, is a significant figure for any company. It’s no wonder that a lot of the focus in the press has been on that.
The carrot is more interesting. The GDPR is clearly setting the groundwork for more self-regulation by introducing tools that companies can deploy to ensure compliance. (I’ll cover these tools in more detail through the series. Sign up below so you don’t miss any updates. Contact me if you’d like to suggest a topic).
Companies are wondering what they need to do to be ready for 25 May 2018. No-one wants to be the first to fall foul of the new regulation and get caught up in business-limiting headlines themselves.
These THREE GOLDEN RULES will get companies off to a great start.
Of course, it’s easy to make this sound simple, and much more difficult to actually apply these rules so that they are effective. None of these activities will happen overnight. There is already a shortage of qualified and knowledgeable DPOs, so the queue for their services will be long (book now to avoid disappointment!). But I am convinced that the companies who start right now and get these three fundamentals right will be the companies best prepared for DP-Day in May 2018.
The General Data Protection Regulation is risk-based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with its data processing activities. It’s worth noting that the risk to be considered here is the risk to the data subject, as opposed to the risk to the business of non-compliance.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none at all.