With more organizations looking to outsource non-core activities it is critical that they understand the data protection and practical implications of doing so – and the ramifications of failing to.
Mike Bradford, founder and director of Regulatory Strategies (www.regulatorystrategies.co.uk) and BIIA’s Expert Advisor on Privacy and Regulatory Affairs reports from his experiences in dealing with clients of all sizes and sectors that businesses still struggle with this. Some embed data protection requirements into their contracts but perform little due diligence; while others are thorough with the latter but have very weak contracts. And some do neither!
This article sets out what organizations need to do to comply with the Data Protection Act 1998 (DPA) – and sound commercial principles – when outsourcing the processing of personal information to a third party. It also draws on the Information Commissioner’s guidance in this area.
To read the full story click on the link: Data Protection – A Guide to Outsourcing
