Under current Data Protection legislation, if another organisation is processing personal data on your behalf, you must ensure this third party only processes the data in line with your instructions, which should be written into existing contracts.
You will also have a responsibility to only use third parties that can give sufficient guarantees they will implement appropriate technical and organisational measures to ensure their processing meets UK GDPR requirements and protects data subjects’ rights.
If your organisation has not appropriately assessed third party data processors and implemented appropriate contracts and due diligence, you may be liable should the third party have a data breach or process your personal data inappropriately.
Evolve North can work with your organisation to:
- Identify your third-party data processors.
- Provide advice and guidance on the most effective approach for ensuring appropriate due diligence of these third parties in relation to their IT Security and Data Protection practices.
- Support your organisation by carrying out the necessary due diligence on any third parties to ensure they have appropriate data protection and IT Security practices in place.
- Support a review of contracts with third parties to ensure appropriate clauses on handling your personal data are included within these and are in line with GDPR requirements.
This can be a challenging area to implement, but based on extensive experience with other organisations, Evolve North can support you to get this right, and ensure ongoing compliance with data protection and security requirements.
“Having Evolve North support our board meetings really supported the work we are doing to safeguard our staff and customers”
Head of Operations, European Financial Services.
“Cyber Essentials Plus was essential for us to attain, and the Evolve North team made it possible”
Operations Director, UK Non-Profit
“Given our size, the vDPO service just made sense, as we couldn’t hire this role internally for several years to come”
CTO, UK Marketing Agency
“The Gap Analysis (UK GDPR, ISO 27001 & Cyber Essentials) just made things along clearer and proving our Data Protection roadmap for next 12 months”
Head of IT, Insurance Broker
“We’ve partnered with Evolve North for PCI DSS & ISO7001 support and they’ve always been there when we’ve needed them”
Programme Director, UK Hotel Chain
“They provided clarity across our M365 data and compliance services, our chaotic Microsoft licencing and our complex NHS environment”
Digital & Change Lead, UK NHS Trust
“After pushing through our Cyber Essentials and ISO27001, their quarterly Penetration Testing & Vulnerability scanning just made sense”
CTO, UK Housing Association
“Quick and easy method to get Cyber Essentials. Lots of support when needed”
IT Manager, UK Law Firm
“Just having the annual support days in place meant we could tackle incidents and third-party onboarding easily”
Director of Tech, UK Hospitality Organisation