The General Data Protection Regulation (GDPR) is going to affect every organisation that obtains and stores personal data from 25 May 2018. Organisations in all sectors need to take action to meet the requirements and avoid the sanctions and fines the ICO can impose if data is mishandled, incorrectly shared or lost.
So, what should organisations be doing to comply with the new GDPR regulations?
Organisations must have a full understanding of how their data is handled, who has access to it and how it is managed.
In many cases, organisations will need to appoint a Data Protection Officer (DPO) or Data Manager, or have someone fulfil that role, who is responsible for ensuring the right processes are in place and implemented.
If you are a small enterprise, depending on your line of business and the type of data you handle, you may have the option of partnering with other small organisations to ‘share’ a DPO or Data Manager.
All parts of the supply chain need to work together to achieve the same standards and ensure there is a combined and secure approach to handling the data they share.
In the case of a breach, wherever it happens in your supply chain, the Information Commissioner will see you as jointly responsible, and you will still be liable for a fine.
It is therefore imperative that you perform thorough due diligence on your current suppliers to ensure they are GDPR compliant, and on any new suppliers you bring on, before you share any form of customer or client personal data with them.