IT Contractors - What do your clients say about the GDPR?

Are your Clients GDPR-Compliant?*

Charlotte Gerrish, Founding Lawyer of Gerrish Legal, provides the answers in collaboration with ContractorUK.

Since the European Union announced its overhaul of the data protection regime in Europe in 2016, many companies and contractors have been focusing on one key issue: Are we GDPR compliant?

Whilst it is clearly important to ensure that your own practices are up to date, your sole focus shouldn’t only be on whether you have your house in order for all things privacy related, but also whether your clients are also respecting their GDPR obligations, so that you can make sure that you implement proper steps to mitigate liability on your side.

In light of the recent scandals surrounding some of the world's largest tech companies andtheir handling (or mis-handling) of personal data, Gerrish Legal collaborated with leading ContractorUK, the UK's leading online resource for the IT contracting community, and decided to write an article setting out 3 quick ways you can check if your business partners have good privacy practices in place. 


For a speedy overview, and alongside conducting a quick review of your client's website, Gerrish Legal discussed the following tips and tricks:

1) Check your client's GDPR roadmap.

2) Ask questions about your client's international data transfers and the safeguards in place.

3) Review your client's IT and cyber security policies.

For a more in-depth discussion, don't hesitate to read the original article on the Contractor UK website, originally published on 16th August 2018 or contact us for specific legal advice.

*Here at Gerrish Legal, we always think that it is a bit misleading to use the term GDPR-compliant, as there are no certifications at the moment (i.e., like ISO standards for the GDPR), and an organisation's new products and services or use of new technologies, as well as exposure to currently unknown IT security threats means that compliance is never guaranteed. Just because your organisation survived a GDPR audit today, doesn't mean that it necessarily will tomorrow - like many areas of corporate compliance, GDPR strategies need to be monitored and updated for life, not just for Christmas ;-)