It has now been a couple of months since GDPR was introduced and the dust has settled slightly. New administrative procedures have been implemented and it is business as usual. WillPack has had a few requests for clarification on the reasons behind the choices we took regarding GDPR so this article will hopefully explain those.
For WillPack the biggest change has been in how we receive instructions and send out drafts. One of things to come out of GDPR was that you can’t send personal data via email. GDPR defines personal data as:
“…any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”
Given that Will Writers deal in a large amount of personal data we needed to investigate the options available to us. Unfortunately, this wasn’t as easy as it first looked as, under GDPR, we are data processors working for data controllers (our partners). In normal circumstances, the data controller will provide guidance to the data processor on the best way to secure personal data. WillPack though works with over 200 individual partners. We therefore deemed that it was not best practice for us to adhere to over 200 different guidelines. We therefore decided that we would create a data processing agreement that our partners and we would sign. This ensures that we are all working together towards the same goal, using common technology.
Speaking of technology, we decided to use SharePoint as our method of receiving instructions and sending out drafts. WillPack investigated a number of options including Dropbox, Google Drive and WeTransfer but felt that SharePoint offered the best combination of security and ease of use. Articles on accessing SharePoint and details of our revised procedures have been provided to ensure that we can offer the best possible service in the shortest possible timeframe. WillPack will accept any suggestions for improving these articles.
As part of these procedures we have stipulated the “best practice” for the naming of files. This is so that we can locate these quickly and without any confusion. Partners should also note that SharePoint is not for file storage, but rather file transfer. Therefore if, after uploading a document, you notice that it is no longer there, this is because we have removed it (after copying it locally to our servers). Partners should also remove all documents (and associated folders) that are uploaded for their use as soon as they can. This also shows us that you have received them. This includes the digital, counter-signed, copies of your Partner Contract and Data Processing Agreement.
Where partners have difficulties or queries, we ask that they email [email protected] so that we can investigate and advise accordingly.
Cyber Security Insurance
One of the “side-effects” of GDPR is that a breach can result in a fine of €10M (if not more). This is more than enough to break most companies. In accordance with the Data Processing Agreement we have in place, WillPack have been informing partners when they breach GDPR. We do not do this to antagonise partners but to help them. We would also expect partners to advise us should we breach GDPR. By working together, we can ensure that we minimise our collective risk of a breach of GDPR. WillPack provide insurance coverage for our advice and documents drafted, however, this does not extend to the transfer of instructions and amendments to us. Therefore, individual WillPack partners should ensure that they have adequate cyber security insurance.