5 Questions you should be asking your Agency on Data Privacy Day

This week saw an important day in the world of data - Data Privacy Day. You mean it's not in your diary?! We take data very seriously as you know, so it features in ours… And, of course, we don't need much prompting to find a reason to talk about data…

What is Data Privacy Day?

Data Privacy Day is an annual initiative aimed at providing online privacy education and increasing data protection awareness amongst consumers and businesses. But it shouldn't be seen as an annual event, it's also aimed at raising awareness of maintaining good practices all year round.  And naturally, we're a firm believer in this.

What should you ask of your Agency?

If you're reading this as a follower of trueology, then it's highly likely you already know your stuff when it comes to data and how to safeguard it. But if you're embarking on a relationship with a new supplier, here are our top 5 questions you should be asking them:

 

1. What data security standards are in place?

Transparency is key here - make sure you ask questions about the processes in place, how robust are they, do they have a DPO, have there ever been any breaches?

2. What are they doing to safeguard your data?

We're not just talking about having secure systems and stringent encryption in place (that should be a given!), but what about the individuals who are handling your data? How much time is invested in employees to ensure their training is up-to-date? You're perfectly within your rights to ask to see a record of this. At trueology, we make sure all our staff receive regular, on-going training (whatever their role), to ensure they are up to date with the latest requirements and regulations

3. How can they help you to enrich your data?  

We're advocates of the use of anonymised data as recommended by the ICO and understand its power to enrich your own data. But do your homework - what's the source of the data? Is it from a trusted partner? Even if the data is publicly accessible, you still need to ensure that you can evidence that it can be processed in accordance with the requirements of GDPR - above all being transparent and accountabl

4. How do they manage data deletion?

Sometimes it's all too easy just to focus on giving your agency access to your data, making sure it's transferred securely and that it's being processed lawfully etc etc BUT don't forget to close the loop! Once the analysis/profiling/modelling has taken place, what is their data retention policy? We all know that personal data must not be kept for longer than you need it, so make sure you cover this in your scoping conversations and ask to see their data protection policy

5. Can they provide advice & guidance on data and privacy in general?

Under GDPR, the onus for being compliant is a shared responsibility between the data controller and the data processor, which means that your agency has a vested interest in working with you to get it right.

Want to talk data best practices or just need a bit of advice? Get in touch with the trueology team +44 (0)1242 672427 or hello@trueology.com