With the advent of GDPR, global brands face new sweeping limits on the way they store, use, and share customer data.
“And compliance does not end at the boundaries of your enterprise,” writes Nitay Joffe, co-founder and CTO of ActionIQ, in a new article for InsideBigData.
The brand’s responsibility also extends to the way third parties, from public cloud providers to email service providers, store, use and share the brand’s customer data. These other parties, called “processors” in GDPR lingo, may claim to secure your data the right way, but you should make sure everything under the hood is as they claim.
To do so, here are five critical questions to ask all your processors.
- Has the processor provided a detailed map showing how personal data is handled everywhere in the processor’s extended infrastructure?
- Can the processor demonstrate that your data remains safe even when it passes into the hands of your processor’s own sub-processors—i.e. public cloud providers your processor relies on?
- Can the processor demonstrate compliance with GDPR’s data portability and fine-grained data erasure requirements?
- Can the processor provide comprehensive audit trails that include every transaction involving personal data, wherever it ends up in their extended infrastructure?
- Can the processor demonstrate that its own third-party processors are not accidentally receiving personal data?
For more details, check out the full article at InsideBigData.