Data sharing is common in the commercial world but it shouldn’t happen without due diligence. It’s not enough to build a culture of continuous privacy compliance within your own organisation. You must make sure that anyone you share personal information with protects personal information as well.
As soon as data leaves your business, you lose an element of control. You are, however, still responsible if anything goes wrong. Oversharing can be something as simple as sending an email to the wrong recipients, but you leave yourself open to hefty fines from the Information Commissioner’s Office (ICO) and a loss of reputation if your employees don’t take this seriously.
There are lots of situations in daily life where it might feel like our personal information has been mis-shared with someone else. In the fourth of our short training videos, the Privacy Guy imagines a scenario in which you’re reading the news on your notebook. You see an article about someone who supervises children being investigated for having a relationship with a teenager, and do a quick online search about the age of consent in your country. Later that week, you notice ads recommending inappropriate content on your device.
Or how about at work? Perhaps your boss suggests your sales team starts using software that tells you when someone on your prospects list has visited your company website or opened one of your emails. He believes the software will enable the team to target those people with suitable offers at just the right time. But is this as innocent as it seems?
The first step in achieving safe sharing is minimising the amount of sharing that happens. Ask yourself whether it’s really necessary for you to share that personal information with another company in the first place. If the answer is yes, ask the other organisation to complete a risk assessment questionnaire, or do your own investigation into their privacy practices and policies. If you are satisfied, you’ll need to put an appropriate agreement in place before you work together, and audit them periodically.
And don’t forget that your customers have the right to know what personal information you have, what you do with it and to verify that you (and the organisations you share with) are using it in accordance with the legal basis you are relying on to process it.
Find out more next time with our fifth privacy promise – rights of individuals.
Are you building a culture of continuous privacy compliance?
Take our free GDPR compliance health check and receive an objective, personalised report that outlines what you’re doing well and where there’s room for improvement. It takes just 10 minutes, is easy to understand and requires no preparation.