What should I do if I use third party solutions to handle data under GDPR?
- Make a list of all the third party cloud solutions you currently use.
- Map out the path of your data during the lifecycle of the process to ensure adequate level of security at every step.
- Assess the level of risk you could pose to individuals should your data be compromised.
- Determine whether you need to appoint a Data Protection Officer.
- Review all your contracts to understand where your data and applications are stored and whether your data is ever processed out of the EU.
- Include strict confidentiality, data privacy and data residency clauses in your contract.
- Ask your solution providers, especially those based outside of the EU, whether they are compliant with the GDPR regulation.
- Start evaluating and planning the switch to GDPR compliant solution providers if your current solution providers do not have plans to be GDPR compliant by next May.