GDPR Questionnaires: how to handle difficult requests
This is a continuation of our previous article on what to do with a GDPR questionnaire. This article deals with the people who administer them.
Unfortunately, you will get those people at the other end who simply make life difficult. In my experience you either get a geek, who knows tech speak but is ignorant about the realities of business process, or you get a legal eagle who wants to argue about where the commas should go. You will get people who miss the point of the exercise and continually ask for “clarification” which provides no greater degree of certainty for all concerned.
Large to small.
At the end of the day they are just covering their backs too, in case something goes wrong in the future, so you will have to pander to them with discretion in your replies. Some have a “one size fits all” document, so you will get the “do your electronic tag systems for all employees and attendees who enter your buildings” and you look around at three people and the dog working from your backyard garden shed and think “hmmmmmm, how’s that going to work”. Sometimes you just need to say this is not applicable; other times you’ll just need to find a workaround to keep them happy. Large organisations have more formal working procedures and cultures, and it is difficult for smaller organisations to adjust to them. Yet larger organisations need smaller units with more nimble business structures to respond quickly to changing circumstances. It may just be that you stand your ground and state the case for why you do the things you do and how the way you operate benefits them, and hopefully they will leave you alone.
Why are we doing this again?
Ultimately the exercise is worth doing to build confidence in business process as, with the Cambridge Analytica/Facebook debacle, any breach would cause reputational damage which would land at the data controller’s doorstep.
The following is a link to the ICO’s guide.
For those wishing to investigate these possibilities, please contact us directly regarding our on-site scanning service and contact/document management systems.