Individuals give their personal information to organisations like yours because they trust you. Organisations like yours then share that personal information with organisations that individuals know little about. It is often these organisations that suffer data breaches which cause your organisation reputational damage and regulatory headaches.
Those organisations might be third party hosted SAAS platforms. They may be software development companies. They may be events organisers. They may be online marketing companies. There are lots of examples where personal data leaves your organisation and, as such, you lose physical control of that data.
How you really know who you share your data with
You make a list. Ask Finance for a list of those companies that you are paying. From that list cross out the ones that you are not sharing personal data with. Then think about who pays you. Categorise them and work out which of those you are sharing personal data with. Add those organisations to your list.
Finally, take the list and ask relevant people across your organisation whether the list is accurate and complete. Update it regularly and keep it accurate.
How you really make sure that other organisations are safe
Take your list and makes sure that you have investigated whether each organisation on it is a safe organisation to share data with. Use questionnaires. For larger organisations who won’t complete your questionnaires look at their websites to see what they say about keeping personal data safe. If they are a US company, are they Privacy Shield certified?
Make sure that you have a data processing agreement in place with each organisation on your list. That can either be a standalone agreement, or an appendix or amendment to existing commercial terms.
How you really demonstrate that you can trust other organisations
Ideally, you have one place from which you can demonstrate your compliance. You may need to demonstrate that compliance to regulators. You may want to demonstrate that compliance to a potential customer, business partner, investor or purchaser of your business. The Privacy Compliance Hub enables you to own your compliance and show that compliance to anyone you need to convince. It is simple and easy to use. Feel free to take a look.
This article is part of an eight part series. Feel free to check out the others:
GDPR : Are you sure you’re fine?
- Are you sure your staff know why the GDPR is important to the success of your organisation?
- Are you sure you know what you do with people’s data?
- Are you sure you tell people what you do with their data?
- Are you sure you trust organisations that you are sharing data with?
- Are you sure that nobody will complain?
- Are you sure you’re secure?
- Are you sure you know which countries keep data safe?
- Are you sure you build products and services with privacy in mind?