Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their client’s data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
Documenting a Record of Processing Activity
Category: Accountability / Governance / Security Management
Customer: Healthcare Distributor of products and services
Working as DPO with this distributor of healthcare products and services with companies across Europe we worked on a project to meet the Article 30 requirements of the GDPR. This was a big project taking well over 6 months. The companies in the group operate as controller and processor across a diverse range of processing activities. One of the more challenging aspects of this project was the processor ROPA as the companies in the group work with hundreds of controller customers. The challenge is not just in documenting the processor ROPA but ensuring that is maintainable in an ever-changing business landscape. The project has driven better understanding of the organisations processing activities and will help to drive compliance going forward particularly in the areas of data transfer and security.
Join Our Newsletter
Sign-up to receive news and information from Fort Privacy
Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information
Ode to DPO’s managing GDPR risk
The General Data Protection Regulation is “risk” based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities. It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.
Get your head above the crowd and KPI your Data Protection Programme
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.