Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their clients’ data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
Category: Transparency
Customer: Client with multiple websites
We worked with a number of clients who have multiple websites, including one software supplier who develops a framework (white-label) website that is branded and tailored by over 200 clients as part of the end-service delivery to their customers. The software supplier needed to implement a standardised and centrally managed cookie solution, while their clients usually tailored the website content to their customers, which resulted in different cookies being used on different websites. We enabled the software supplier and all of their clients to achieve cookie compliance. We identified clear parameters within which the clients could tailor their websites and established some ground rules about the use of plugins that allowed flexibility without breaking the compliance solution. We delivered layered transparency statements, and we provided the software supplier’s clients with guidance and checklists to manage and validate their own compliance on an ongoing basis. We had a proud moment when one of our software supplier’s clients’ websites was held up as an example of best-in-class cookie management on a webinar we were attending – and we can promise no money had changed hands!
The General Data Protection Regulation is “risk”-based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with its data processing activities. It’s worth noting that the risk to be considered here is the risk to the data subject, as opposed to the risk to the business of non-compliance.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none at all.