“Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”

Provide information about the security measures you take to ensure that individuals' data is secure. This may include stating that you only use IT and storage services with adequate security in place that are GDPR compliant in the EU, and that you only use systems outside of the EU that comply with GDPR and have appropriate approved measures in place.

For example, if a company’s computer systems are situated in the US but comply with GDPR, and the company has the EU-US Privacy Shield in place, they will usually be acceptable under GDPR as long as you document this and ensure your privacy policy says what you do.

This also applies if you use many software providers or cloud-based storage. If the country or organisation is not covered by an adequacy decision, you will need to make sure that you have the right standard contractual clauses in place.