{"id":25323,"date":"2018-02-02T09:31:36","date_gmt":"2018-02-02T09:31:36","guid":{"rendered":"https:\/\/www.highspeedtraining.co.uk\/hub\/?p=25323"},"modified":"2024-05-17T13:48:01","modified_gmt":"2024-05-17T12:48:01","slug":"gdpr-third-party-data-processors","status":"publish","type":"post","link":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/","title":{"rendered":"GDPR &#038; Third Party Data Processors"},"content":{"rendered":"<p>Whilst it&#8217;s important that you\u2019re on top of your data compliance, it\u2019s also essential that you check that any third party data processors you use are also compliant. Ultimately, as a controller, you are responsible for ensuring that personal data is processed in accordance with GDPR. This means that you need to establish that your data processors are fully compliant or you could be liable for corrective measures and sanctions, including fines.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-25331 size-full\" src=\"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-compliance-meeting-1.jpg\" alt=\"colleagues discussing gdpr with third party processor\" width=\"685\" height=\"295\" \/><\/p>\n<hr \/>\n<h2>Who Are Third Party Data Processors?<\/h2>\n<p>A third party data processor is defined under GDPR as, <em>\u201ca natural or legal person or organisation which processes personal data on behalf of a controller.\u201d<\/em> This essentially means any third party who processes personal data on your behalf. This could include cloud services, mailing houses, hosting companies and any other organisation whereby you share personal data as part of your business operations or as part of any projects you may be running.<\/p>\n<hr \/>\n<h3>What Should I Do If I Use Third Party Data Processors?<\/h3>\n<p>Data controllers are responsible for actions taken by data processors. Therefore, you must identify all processors you use, have a clear understanding of the data you store and process with them, and understand how well each processor secures that data.<\/p>\n<p>By completing an assessment of all third party processors you use, you&#8217;ll be able to gauge their awareness of GDPR. You should also be able to assess whether they have appropriate measures in place to comply with the regulations.<\/p>\n<p>You should review their privacy policies and terms of use and look for GDPR statements your data processors may have prepared. This will give you clear guidance on their readiness. You may also consider asking your data processors a series of questions to assess their preparations for the new GDPR legislation.<\/p>\n<div class=\"tip__box\">\n<div class=\"tip__title__container\">\n<div class=\"tip__title__text\">\n<div class=\"tip__title__icon\"><img decoding=\"async\" src=\"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2019\/11\/expert-tip-icon.png\" alt=\"expert icon\" \/><\/div>\n<h3>Need a Course?<\/h3>\n<\/div>\n<\/div>\n<p>Our <a href=\"https:\/\/www.highspeedtraining.co.uk\/courses\/business-essentials\/gdpr-training\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Training Course<\/a> is suitable for anyone who has responsibility for implementing the changes brought about by the GDPR. It will outline your main responsibilities and help you to start making the necessary changes.<\/p>\n<\/div>\n<hr \/>\n<h2>What Should I Ask Third Party Data Processors?<\/h2>\n<p>Good questions to ask include:<\/p>\n<ul>\n<li>Where is the data stored?<\/li>\n<li>Do you have a data protection officer?<\/li>\n<li>Do you inform me when you transfer data?<\/li>\n<li>What controls do you have in place to reduce risk? \/What are your risk management processes?<\/li>\n<li>Who can access the data?<\/li>\n<li>Do you have security breach notifications in place?<\/li>\n<li>Do you adhere to Binding Corporate Rules (BCRs)?<\/li>\n<li>What measures are in place for you to be compliant with GDPR by May 2018?<\/li>\n<\/ul>\n<p>A useful exercise is to map your data pathways. To understand how data is captured, what data is captured and what data is transferred between you and your data processor. This will give you a clearer understanding of your data management and where you may need to make improvements to your procedures to ensure compliance.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-25371 size-full\" src=\"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-questions.jpg\" alt=\"data controllers meeting with third party data processors\" width=\"685\" height=\"295\" \/><\/p>\n<hr \/>\n<h2>Review Your Data Processor Contracts<\/h2>\n<p>The GDPR also makes written contracts between controllers and processors a requirement. This means that you will need to ensure contracts are in place when:<\/p>\n<ul>\n<li>You directly employ a data processor<\/li>\n<li>When a processor employs another processor<\/li>\n<\/ul>\n<p>Therefore, before the 25th May 2018, you need to check your existing contracts. If they don\u2019t meet the requirements, you will need to draft and sign new contracts.<\/p>\n<p>Both your organisation and your third party data processors need to have policies in place to support GDPR. Having a clear picture about how data is transferred will improve your knowledge about the data you control. You should also ensure that the data you collect is the minimum required for the necessary service\/product.<\/p>\n<p>Although it can seem like a challenging mountain to climb, in reality, GDPR offers businesses the opportunity to improve their data practices and their customer relationships. It helps you gain a deeper understanding of your data management, improve your knowledge about your customers and how they interact with you, strengthen databases, and open up new lines of communication.<\/p>\n<hr \/>\n<h3>What to Read Next:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-consent-requirements\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Consent Requirements<\/a><\/li>\n<li><a href=\"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-quiz\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Quiz<\/a><\/li>\n<li><a href=\"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-guide-to-the-key-changes\/\">GDPR: A Guide to the Key Changes<\/a><\/li>\n<li><a href=\"https:\/\/www.highspeedtraining.co.uk\/courses\/business-essentials\/gdpr-training\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Online Training<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If your business uses any third party data processors, you must confirm they&#8217;re compliant with GDPR. Our guide outlines what measures you can take to check.<\/p>\n","protected":false},"author":24,"featured_media":29332,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[70,3386],"class_list":["post-25323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","tag-business-law","tag-data-protection"],"acf":{"schema_disabled":false,"schema_properties_FAQPage_question_answer":null,"schema_properties_HowTo_howto_tools":null,"schema_properties_HowTo_howto_supplies":null,"schema_properties_HowTo_howto_steps":null,"schema_properties_WebPage_cssSelector":null,"schema_sameAs_repeater":null,"schema_custom_json_repeater":null,"schema_custom_json_override":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v19.5 (Yoast SEO v19.12) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR &amp; Working With Third Party Data Processors | Compliance Guide<\/title>\n<meta name=\"description\" content=\"If your business uses any third party data processors, you must confirm they&#039;re compliant with GDPR. Our guide outlines what measures you can take to check.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Working With 3rd Party Data Processors | GDPR\" \/>\n<meta property=\"og:description\" content=\"What measures should you be taking to ensure your third party processors are compliant with GDPR?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/\" \/>\n<meta property=\"og:site_name\" content=\"The Hub | High Speed Training\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/highspeedtraining\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-02T09:31:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-17T12:48:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-and-third-party.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lex Riley\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Working With 3rd Party Data Processors | GDPR\" \/>\n<meta name=\"twitter:description\" content=\"What measures should you be taking to ensure your third party processors are compliant with GDPR?\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-and-third-party-twitter.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@hst\" \/>\n<meta name=\"twitter:site\" content=\"@hst\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lex Riley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR & Working With Third Party Data Processors | Compliance Guide","description":"If your business uses any third party data processors, you must confirm they're compliant with GDPR. Our guide outlines what measures you can take to check.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/","og_locale":"en_GB","og_type":"article","og_title":"Working With 3rd Party Data Processors | GDPR","og_description":"What measures should you be taking to ensure your third party processors are compliant with GDPR?","og_url":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/","og_site_name":"The Hub | High Speed Training","article_publisher":"http:\/\/www.facebook.com\/highspeedtraining\/","article_published_time":"2018-02-02T09:31:36+00:00","article_modified_time":"2024-05-17T12:48:01+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-and-third-party.jpg","type":"image\/jpeg"}],"author":"Lex Riley","twitter_card":"summary_large_image","twitter_title":"Working With 3rd Party Data Processors | GDPR","twitter_description":"What measures should you be taking to ensure your third party processors are compliant with GDPR?","twitter_image":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2018\/01\/gdpr-and-third-party-twitter.jpg","twitter_creator":"@hst","twitter_site":"@hst","twitter_misc":{"Written by":"Lex Riley","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/#article","isPartOf":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/"},"author":{"name":"Lex Riley","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#\/schema\/person\/b06cba9bbfbff4f2615189b79254269d"},"headline":"GDPR &#038; Third Party Data Processors","datePublished":"2018-02-02T09:31:36+00:00","dateModified":"2024-05-17T12:48:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/"},"wordCount":679,"commentCount":3,"publisher":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#organization"},"keywords":["Business Law and Compliance","Data Protection"],"articleSection":["Business"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/","url":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/","name":"GDPR & Working With Third Party Data Processors | Compliance Guide","isPartOf":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#website"},"datePublished":"2018-02-02T09:31:36+00:00","dateModified":"2024-05-17T12:48:01+00:00","description":"If your business uses any third party data processors, you must confirm they're compliant with GDPR. Our guide outlines what measures you can take to check.","breadcrumb":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/gdpr-third-party-data-processors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.highspeedtraining.co.uk\/hub\/"},{"@type":"ListItem","position":2,"name":"GDPR &#038; Third Party Data Processors"}]},{"@type":"WebSite","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#website","url":"https:\/\/www.highspeedtraining.co.uk\/hub\/","name":"The Hub | High Speed Training","description":"Welcome to the Hub, the company blog from High Speed Training.","publisher":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.highspeedtraining.co.uk\/hub\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#organization","name":"The Hub | High Speed Training","url":"https:\/\/www.highspeedtraining.co.uk\/hub\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#\/schema\/logo\/image\/","url":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2021\/05\/HST_Logo_Dark-Blue_CMYK_AW-scaled.jpg","contentUrl":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-content\/uploads\/2021\/05\/HST_Logo_Dark-Blue_CMYK_AW-scaled.jpg","width":2560,"height":1206,"caption":"The Hub | High Speed Training"},"image":{"@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/highspeedtraining\/","https:\/\/twitter.com\/hst"]},{"@type":"Person","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#\/schema\/person\/b06cba9bbfbff4f2615189b79254269d","name":"Lex Riley","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.highspeedtraining.co.uk\/hub\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/13a09812efcaaffd977ebec552402a69?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/13a09812efcaaffd977ebec552402a69?s=96&d=mm&r=g","caption":"Lex Riley"},"description":"Alexis is our in-house GDPR expert and writes accessible and comprehensive content that enables businesses to be compliant with this new piece of legislation.","url":"https:\/\/www.highspeedtraining.co.uk\/hub\/author\/lex\/"}]}},"_links":{"self":[{"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/posts\/25323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/comments?post=25323"}],"version-history":[{"count":6,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/posts\/25323\/revisions"}],"predecessor-version":[{"id":75104,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/posts\/25323\/revisions\/75104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/media\/29332"}],"wp:attachment":[{"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/media?parent=25323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/categories?post=25323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.highspeedtraining.co.uk\/hub\/wp-json\/wp\/v2\/tags?post=25323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}