Who is responsible for the data if I outsource, say bookkeeping?

If we are talking about personal data as defined by the Data Protection Act, then you (as the data controller) are responsible for ensuring that it is not processed unlawfully or in an unauthorised way and that it is not accidentally lost, destroyed or damaged. Therefore when outsourcing you need to carry out diligence and find out what measures your outsourcing partner has in place to ensure data security and integrity. In respect of other data, it goes back to the agreement you have in place, look for confidentiality and data security clauses.

This entry was posted in Information Risks, What we are being asked about. Bookmark the permalink.