Data Protection and sending data...



  • I have been asked for help by a client (who themselves were asked) to write a response to discuss how they comply fully with the Data Protection Act 1998 in terms of all categories of information they hold. They want to specifically address the process of how they would transfer personal data between their organisation and their end customers.

    They have been asked to provide details of any recognised Information Security Standards certification that they currently hold and/or include copies of any relevant internal policies that they think would demonstrate their case.

    Has anyone ever been asked to write a paragraph about this? I wondered if anyone could share thoughts on replies...

    FYI: All data is stored locally in their office, with computers password protected, patched and running the latest virus definitions. Encrypted backups are taken each night and the email solution is with Office 365, with each user having their own password.
    I'd expect any personal or confidential files would be password protected (possibly zipped with a password too) and transferred via email. Is this the kind of answer I should be giving?

    Thoughts appreciated.



  • @Joel said in Data Protection and sending data...:

    They want to specifically address the process of how they would transfer personal data between their organisation and their end customers.

    How they would, not how they do? So more like a business to business interview question?



  • I have a feeling that given the question, they want the customer to put a written policy into place for whatever they describe in the paragraph.

