Why third-party service providers could be your biggest data risk

Posted by Holly Cudbill, 19th July 2018

This article was first published in People Management on 12 July here.

Associate Holly Cudbill comments in People Management on the potential risks of personal data breaches where an employer shares the personal data of its staff with third parties.

Forget GDPR – your business’s payroll processor or childcare vouchers supplier could be an information disaster waiting to happen.

Holly Cudbill, associate at Blake Morgan, adds that, in her experience, HR departments had “largely overlooked” the issue of breaches at third parties, choosing to focus more on protecting their own company.

“That’s a good thing to focus on, but I think few organisations have actually thought about [what happens if your] pension provider says ‘this has happened. We’re just making you aware of it’ because the provider isn’t going to tell you what to do,” she says.

Read the full article in People Management here.

Enjoy That? You Might Like These:


22 March - Holly Cudbill
The Greek Data Protection Authority ("DPA" the equivalent of the UK's Information Commissioner's Office/ICO) has just fined PWC €150,000 for GDPR breaches in connection with its processing of employee data.... Read More


22 March - Cathrine Bryant
In anticipation of the extension of the off-payroll rules to the private sector in April 2020, the Government has published its draft legislation together with explanatory notes, policy paper and... Read More


22 March - Heather Welham
Restrictive covenants are a useful tool for employers to protect their competitive edge and to reduce the risk of 'star employees' leaving to join competitors. However, failure to draft restrictive... Read More