Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their client’s data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
Category: Accountability / Data Transfer Management / Breach Management
Customer: SaaS Provider
We worked with this SaaS Provider over a 6 month period to ensure compliance activities are in order and set up a framework for ongoing compliance. One of the key requirements of the GDPR is the ability to demonstrate compliance. We provided all template policies and procedures that the organisation needed and helped them to implement these policies. This included, Record of Processing Activities, Data Protection Policies, Retention Schedule, Breach Management Policies and Procedures and documented Technical and Organisation Measures. We also provided Data Processing Agreements to cover data transfer requirements. At the end of the 6 months the company had a very clear compliance framework in place and was able to provide any customer undertaking due diligence with comprehensive evidence to demonstrate its compliance activities.
Sign-up to receive news and information from Fort Privacy
Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information
I’ve seen a few suppliers make classic errors dealing with breaches in their client’s data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
The General Data Protection Regulation is “risk” based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities. It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.