Brexit is coming soon and while there might still be an extension of the current deadline, it’s better to be safe than sorry when it comes to preparing for these kinds of situations.
As presented in the blog ‘Five ways to protect your data after a hard Brexit’, there’s several options you have when it comes to dealing with third parties currently located in the UK. However, to be able to take preventive measures, we first need to know which third parties they apply to. Could we use Privacy Nexus to find out which third parties pose a possible risk? Let’s find out!
Privacy Nexus has two specific modules that can play a role in establishing which third parties need our attention. The ‘System Inventory’ and the ‘Third Party Management’ modules. Finally, we’ll take a look at the Dashboard, where the information of these two modules is aggregated.
The System Inventory contains all the information with regards to personal data storage within our organisation. But not only did we register information about the different kinds of personal data that we store, we also collected information about the place where this data is stored and even about the placement of possible backups.
Using this information, we can easily find out which systems are currently located in the UK. All we need to do is either use the filter module to filter out all these systems. Hopefully we also registered a third party for each of these systems, should a third party be responsible for offering the system. This brings us to our next module.
What else can we do? Well, we’ve filled the Third party management with all third parties that we have a data processing agreement with. This way we can make sure that all of them adhere to certain standards in terms of data protection. But what this can also tell us, is which third parties are less reliable in terms of supplying information we need to prove our suppliers are compliant with the GDPR. Compare this list with the list of suppliers we got from the ‘System Inventory’ and we have a good idea of third parties in the UK that might pose a compliance risk to our organisation.
We can save a lot of time by using the Dashboard to perform some of the steps I’ve mentioned above. First and foremost, there is the worldmap, which clearly displays all the countries that you store your personal data in. Simply select the UK and Privacy Nexus will automatically show all your systems that store data in the UK. Select the ‘deadline missed’ pie-chart in the third party management section, and this will filter all third parties that have currently missed their deadlines.
Brexit is going to cause a lot of us a bunch of headaches, but use Privacy Nexus for your privacy management and you might just be able to reduce some of yours.