GDPR Compliance - 5 Questions to Ask Data Processors
Data privacy laws are complex and constantly evolving, and the General Data Protection Regulation (GDPR) is the latest example of that fact. Going into effect on May 25, 2018, this new privacy law was created to harmonize data protection laws throughout the European Union.
If your organization has employees or customers in the EU, you’re no doubt aware of the May 25 deadline and are working hard to meet it on time—and the same should be true of any service providers you have a relationship with. The new data protection directive is designed to better protect the rights and freedoms of individuals. GDPR’s guidelines will reach all levels of personal data – for example, the security standards currently in place to protect social security numbers will also apply to IP addresses.
Once GDPR regulations go into effect, authorities may authorize steep penalties for non-compliance – which makes meeting the deadline an imperative for processors and controllers alike.
IS YOUR DATA PROCESSOR ACTIVELY PREPARING FOR GDPR COMPLIANCE?
Categorized as data processors, these organizations have the same deadline and the same responsibilities as you, the data controller. And those that are genuinely committed to exceptional customer service will not only have a program in place to meet that May 25 deadline, they will also be able to answer your questions about their new processes and information security safeguards.
Below are five questions you should consider asking any third-party organizations that will have access to data that is protected under the EU’s new law:
- Do you have a data protection officer (DPO) and a dedicated security team?
- What new safeguards or processes are you implementing to meet the May 25 deadline?
- How will you verify to customers that you are in compliance with the new law?
- Who will have access to sensitive customer information?
- How is sensitive information stored, and do you have processes in place in the event of a data breach?
IS YOUR DATA PROCESSOR MORE THAN JUST A SERVICE PROVIDER?
People always have questions when a new law is implemented. But when an organization is willing and able to answer those questions, it goes a long way toward easing uncertainty. It also sends a clear message that they are more than just a service provider—they’re a true partner, and an extension of your team.
Want to learn more about GDPR? Visit eugdpr.org for more information.