Swisscom Partner Breach — 800,000 Customers — How To Get Supplier GDPR Compliance

Mark Evans
Alpin.io
Feb 7, 2018

800,000 customers of Swisscom had their personal information leaked when a supplier’s access credentials were “misappropriated.” That’s bad news for those 800,000 people, bad PR for Swisscom, and bad business for the supplier. And with GDPR implementation only a few months away, it is a stark warning: YOU are responsible for your suppliers. They must be compliant with the GDPR, because if your customers’ data is compromised through their fault, you are still responsible. So, get started now to ensure that your suppliers are GDPR-compliant. Alpin can help by automating the process.

Which Suppliers Must Be GDPR-Compliant?

Any supplier that processes or stores personal data. That can include companies that you rely on for a wide variety of common services. A few examples include:

  • Website analytics that record IP addresses, visitor behavior, “contact us” form content, etc.
  • Marketing and sales CRM databases
  • Email services
  • Chart creation software that has access to personal information
  • File storage and sharing containing spreadsheets, databases and documents that contain personal information
  • Calendar helpers that access contact lists (e.g., to make it easier to set appointments)
  • Contact helpers (e.g., to add data to various contacts, sort them into groups, etc.)
  • Call extensions (e.g., to facilitate calling someone directly from their contact record)

The short answer is: there are a lot of suppliers that touch your customers’ personal information.

How Do I Find These Suppliers?

Use Alpin. It automatically detects dozens, hundreds, even thousands of cloud software applications in use around your company.

What Do I Do With These Suppliers?

First, determine if they are GDPR-compliant. Again, use Alpin to do the heavy lifting. Alpin will automatically send assessment questionnaires to the suppliers you select, tabulate the responses, and highlight the problem suppliers.

Second, work with each vendor to map out the processes you will use to manage personal information, and respond to any problems.
