Get Free Downloads
Start your GDPR today in just a few clicks

Are your suppliers GDPR compliant?

Tagged with GDPR HELP, GDPR ADVICE, SUPPLIER COMPLIANCE, GDPR
by Adam Brogden
in Blog

16-Apr-2019 11:19

GDPR requires you to protect the data you collect from your data subjects and only use the data for the reason it was collected. You need to be transparent about the use of the data and, of course, need to respect the rights of these people. So when you share this information with another company for whatever reason, you need to ensure that those companies are also going to respect those rights.

Almost every company will share data with another company. Even if it is just your accountant, delivery company, or IT company, it is more than likely that you share data with someone. Unfortunately, almost every time we run due-diligence checks on behalf of our clients we find that companies are not compliant, so you need to be very careful.

Here are a few tips:

  1. Make sure your Privacy Policy makes it clear who you share data with. You don’t necessarily have to list every company, but make sure your data subjects understand that their data will be shared.

  2. Definitely check you have appropriate contract terms and conditions in place. These are vital!

  3. Clarify roles and responsibilities with these companies. For example, what would you do if you received a SAR? Do you have an appropriate agreement in place to allow you to extract the information from suppliers if you need to?

  4. Do your due-diligence. Check that these companies are GDPR compliant. Ask them for their GDPR policies. You need their Privacy Policy and SAR process, but think about which documents are important and ask for copies of these.

  5. Send a GDPR Compliance checklist. Get them to complete and return it to you.

Don’t forget that, as the Data Controller, you are ultimately responsible for how this data is shared and, unfortunately, you may be accountable if it is abused.

Don’t risk fines and enforcement action. Do your due-diligence, check your contracts, and run a few tests just to be sure.

Call us anytime if you want to discuss.

Good Luck All!