1st May 2018
In addition to the highly publicised Facebook-Cambridge Analytica scandal, the recent media reports of the data breach suffered by Delta Air Lines highlight the importance of effective data protection controls at all levels of your business, both internally and externally. The breach affecting Delta actually occurred at one of their IT suppliers. The supplier provided online chat services for Delta’s website and the cyber-attack on this supplier may have exposed the payment information of Delta customers. This highlights the importance of managing your supply chain effectively and ensuring that your supply contracts have robust obligations on your suppliers relating to protection of personal data, in line with the impending General Data Protection Regulation (GDPR).
Given the potential implications of non-compliance, companies need to ensure that all colleagues are aware of GDPR requirements, not just legal and compliance teams. Any employees who engage with suppliers or contractors should appreciate the impact that non-compliance could have on the company and ensure that data protection issues are considered during the contracting process.
To take effective steps to ensure compliance with the GDPR and protect personal data, it is important to understand exactly what personal data your business holds and how that information is used by both the business and its supply chain. Companies should consider taking the following actions to assess compliance, resilience and security both within the business and the external supply chain:
For further information or assistance with reviewing data processing contracts or managing your data protection policies and procedures, please do not hesitate to contact any member of Walker Morris’ Commercial or Regulatory teams.