Santa GDPR Wish List

Dear Santa, strike that, Dear Data Software Supplier, please can I have…

What ought to be on your wish list for the big day

Okay, we’re going to admit it – when you love data collection and data protection as much as we do here at Databasix, every day feels like Christmas! There, we’ve said it (now please don’t unsubscribe).

So, in the same way that children everywhere have been busy writing their Christmas lists to Santa, we thought it’d be a good idea to help you write your adult wish list for the big day on the 25th.

The 25th May, that is. GDPR Day.

Are my data software suppliers ready for the 25th May?

When we’ve been speaking to businesses about GDPR, there’s one area that people seem particularly unsure about: how do you know that the companies you’ve entrusted to look after and process your data (such as Dropbox, MailChimp, Google – other providers are available, of course) have stringent procedures and safeguards in place to keep it secure for you?

Just because they’re huge, global organisations doesn’t mean you can’t engage with them. After all, you are their client.

Do they instil you with confidence?

And what sort of practical questions should you be asking them to reinforce that?

Please can I have…

In the spirit of giving, then, here’s our list of suggestions for the things you ought to check.

First, the legislation stuff…

  • What are they doing/have they done to be GDPR-compliant?
  • Can they share a copy of their Data Protection Policy with you?
  • How well does the contract between the two of you protect your interests?
  • Where are their servers actually housed – inside or outside of the EU? (If in a non-EU country, do they still adhere to UK data protection laws? For example, for data stored in the USA, a UK-US agreement called Privacy Shield covers this, but it’s still good to check whether they’re signed up to it.)

And then the more practical angles covering security and awareness:

  • What sort of physical and technical security protects their servers?
  • How often do their staff receive data protection training?
  • Who has access to the servers and/or data?
  • Do they sub-contract your data processing to third parties? (If so, how watertight are the third party’s procedures and processes?)
  • Is access to your data granted only through user-based permissions?
  • How comprehensive are their back-up systems? (E.g. when did they last back up your data, how often do they do so, and how far back can they go to retrieve it?)
  • Have they ever experienced a data breach, or are there any perceived technical or operational weak links? (If so, what did they do/are they doing to address it/them?)
  • In the event of a data breach, how will they support you...?

These questions aren’t exhaustive. You should find, though, that they’ll help you to come up with other queries, as well as getting you to reflect on your own processes.

So, will you be ready for the big day?

We hope so. Follow these guidelines and you’ll have another data protection area ticked off your list.

And if you’re not quite there yet, or still have some way to go, why not get in touch so we can help you? It’s not too late yet!

Either way, by the time you wake up on the 25th May, we hope you can sit back with a seasonal sherry and toast how sorted you are, satisfied that you got everything you always wanted on GDPR Day.

…Not rushing around like a frantic shopper on Christmas Eve looking for a service station that’s still open. Now that wouldn’t be very ‘elfy, would it?

Have a very merry Christmas!

Until next year...
