The Ninja Sensei’s Logbook: When Data Intermediaries Mess Up
Generally, Data Intermediaries are reliable as they ensure that your organisation’s personal data is secure and readily accessible. However, there are instances that they mess up, and a breach can occur; what will happen then to your organisation?
When your Data Intermediary messes up:
✅ You may still be liable for the breach — This means a financial penalty even if a data intermediary is involved in processing the data.
✅ Remediation plans are on you, not the data intermediary.
✅ The breach caused by the data intermediary can take a hit on your organisation’s reputation.
Basically, when your data intermediary messes up, your organisation will also suffer. That is why there’s a need for you to review and update the data processing agreements with data intermediaries to ensure that they are adequately protecting personal data.
Although you are not actively processing the personal data of your company, it doesn’t really mean that you don’t have a role to play in protecting it. In a long list of PDPC cases, organisations with data intermediaries still have obligations to ensure that such data intermediaries do their role in protecting personal data, as when they mess up, you are also liable for it.
In other words, the main accountability to secure the personal data in your organisation’s possession rests on YOUR organisation.
P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!
📱 WhatsApp: +65 8750 4250
📧 email: ninjas@privacy.com.sg
This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website
