By Natalie Laurencik. Businesses need to understand that they can be held liable for shortcomings in the privacy policies of others, such as suppliers.
In terms of POPI and other international data protection legislation that may apply to your organisation, you have obligations – which need to be mirrored in your supplier agreements. Failing this, you may be in breach before you have even started. You certainly don’t want to be agreeing to data protection standards inferior to those that your organisation aspires to. If there is indeed no room for negotiating the terms with the service provider, you may be legally required not to accept those terms and to select an alternative, more compliant, service provider. Some quick tips to keep in mind:
- Check where the data will be hosted – POPI requires local hosting unless certain conditions can be met.
- Is the service provider using a reputable cloud service?
- Check the service provider’s security standards – ISO compliance is a good indicator.
- Ensure response and repair times match your own.
- Check the service provider’s rights regarding their use of the personal information provided.
Natalie Laurencik is co-founder and director of Consilium Legal, a boutique legal and business advisory. She has been a practicing attorney for 13 years. Her expertise lies in commercial law, with a strong focus on the media, advertising, and public relations sector. She also has a keen interest in privacy and data protection, and is immersed in compliance programmes for clients across several different industries. Laurencik is also completing a PECB certified GDPR DPO certification.