Simon Rycroft, Principal Consultant, ISF and Kashif Barlas, Senior Consultant, ISF
With businesses streamlining processes and automating customer service through outsourced arrangements, the volume and content of electronically transmitted personal data records has increased beyond all previous estimates. The sharing of special categories of data between businesses and their suppliers has become the norm, sometimes without adequate protection for the individual’s privacy in breach of the GDPR. Where there are hundreds of supplier contracts, it is not pragmatic for an organisation to review and tighten all these contracts immediately in the wake of the GDPR, however a risk-based approach can certainly reduce the compliance burden upon existing teams.
In this seminar, we introduce the concept of a minimum viable product for this aspect of data privacy and describe how it can be aligned with an organisation’s risk appetite and agreed before prioritising and mitigating data privacy risks.