Dear Santa, strike that, Dear Data Software Supplier, please can I have…
What ought to be on your wish list for the big day
Okay, we’re going to admit it – when you love data collection and data protection as much as we do here at Databasix, every day feels like Christmas! There, we’ve said it (now please don’t unsubscribe).
So, in the same way that children everywhere have been busy writing their Christmas lists to Santa, we thought it’d be a good idea to help you write your adult wish list for the big day on the 25th.
The 25th May, that is. GDPR Day.
Are my data software suppliers ready for the 25th May?
When we’ve been speaking to businesses about GDPR, there’s one area that people seem particularly unsure about: how do you know that the companies you’ve entrusted to look after and process your data (such as Dropbox, MailChimp, Google – other providers are available, of course) have stringent procedures and safeguards in place to keep it secure for you?
Just because they’re huge, global organisations doesn’t mean you can’t engage with them. After all, you are their client.
Do they instil you with confidence?
And what sort of practical questions should you be asking them to reinforce that?
Please can I have…
In the spirit of giving, then, here’s our list of suggestions for the things you ought to check.
First, the legislation stuff…
- What are they doing/have they done to be GDPR-compliant?
- Can they share a copy of their Data Protection Policy with you?
- How well does the contract between the two of you protect your interests?
- Where are their servers actually housed – inside or outside of the EU? (If in a non-EU country, do they still adhere to UK data protection laws? E.g. For data stored in the USA, a UK-US agreement called Privacy Shield covers this, but it’s still good to check whether they’re signed up to it.)
And then the more practical angles covering security and awareness:
- What sort of physical and technical security protects their servers?
- How often do their staff receive data protection training?
- Who has access to the servers and/or data?
- Do they sub-contract your data processing to third parties? (If so, how watertight are the third party’s procedures and processes?)
- Is access to your data user-based permission only?
- How comprehensive are their back-up systems? (E.g. When was the last time/how often do they back up your data, and how far back can they go to retrieve it?)
- Have they ever experienced a data breach, or are there any perceived technical or operational weak links? (If so, what did they do/are they doing to address it/them?)
- In the event of a data breach, how will they support you...?
These questions aren’t exhaustive. You should find, though, that they’ll help you to come up with other queries, as well as getting you to reflect on your own processes.
So, will you be ready for the big day?
We hope so. Follow these guidelines and you’ll have another data protection area ticked off your list.
And if you’re not quite there yet, or still have some way to go, why not get in touch so we can help you? It’s not too late, yet!
Either way, by the time you wake up on the 25th May, we hope you can sit back with a seasonal sherry and toast how sorted you are, satisfied that you got everything you always wanted on GDPR Day.
…Not rushing around like a frantic shopper on Christmas Eve looking for a service station that’s still open. Now that wouldn’t be very ‘elfy, would it?
Have a very merry Christmas!
Until next year...
