GDPR - Are You Ready for May?
- Date: Friday 23rd February 2018
- PDF: Download
Only 3 months to go before the new regulations are in force.
This month, we’ll talk about third parties:
What is a third party?
Under ICO definition, it is any external party not authorised to hold or process the data you control.
For example, if you have a notice board with staff contact information in the office, a customer walking in and reading this while he waits is a third party.
Why is it important to identify third parties?
They have not been briefed about your policies or trained in how to handle data. Therefore, breaches are a real risk if data is disclosed to a third party.
I have identified third party risks – now what?
Eliminate exposure wherever possible. In our example, don’t let customers wait in your office or don’t display any personal or sensitive information.
What if third parties receive protected information by accident?
This can happen if you send an email to the wrong recipient, lose a memory stick or papers or have a break-in at your offices.
From May onwards you must report any data breaches to the ICO within 72 hours: