Exposing the 'Experts' - For FUN and PROFIT!
We regularly receive requests from Companies to look into the Data Compliance of other Companies. This activity sometimes comes as a surprise to people who do not know there is a legal requirement upon Companies to do this under Article 28 of the GDPR.
The Companies we assess are sometimes trying to do business with our Client or are proposing a joint venture where data will flow between them or in some cases the Client simply wants to check out their competition and see if there is any ammunition for the next round of Tendering or Contract Negotiations with a third party.
It is still quite shocking that 2 Years after the inception of GDPR so many Companies both large and small are still getting their data protection responsibilities wrong!
With this in mind and in view of the recent relaxation of some lockdown issues which has precipitated an inbox full of individuals and organisations offering their ‘advice’ to businesses, we felt it would be an appropriate time to draw attention to the trust we place in some organisations and how easy it is to quickly find out whether that trust is warranted or not.
During the Coronavirus lockdown, a bored and trusting public have been subjected to a 400% increase in email scams and the like. There is an old adage that says ‘if it sounds too good to be true it probably is’.
We recommend that whenever an organisation offers to tell you how to act or what to think, especially in relation to your business, you owe it to yourself to do some due diligence on the credentials of the ‘advisor’.
Here is our short 10-point checklist of easy things to look out for which confirms an organisation is fully informed about Data Protection and acting lawfully themselves and if they’re not – Why would you let them advise you?
4) If they talk about charging you £10 to respond to your data access query, they are still operating under the old Data Protection Act 1998. Charging for enquiries is now an offence.
8) Look for ‘Marketing notices’ especially ones saying they will pass your details to third parties. Unless you specifically ask for your details to be passed to a third party they cannot lawfully do it.
NB: If you agree to ANYTHING there must be a positive step such as a box to tick to confirm you DO want to be contacted and ideally the METHOD. You might be happy to receive an email but not a phone call. The days of assumptive acceptance are GONE!
Remember, we recommend you check out ANYONE who is trying to ‘advise’ you.
Also, at this time because many people have some time on their hands, doing a bit of Detective work is a useful exercise to complete with your own Suppliers, Customers and Competitors – Save yourself a problem, a Data Breach or even a Fine! Make sure your data is safe in their hands - Always assuming your own house is in order of course!