Why third-party service providers could be your biggest data risk

Posted by Holly Cudbill, 19th July 2018

This article was first published in People Management on 12 July here.

Associate Holly Cudbill comments in People Management on the potential risks of personal data breaches where an employer shares the personal data of its staff with third parties.

Forget GDPR – your business’s payroll processor or childcare vouchers supplier could be an information disaster waiting to happen.

Holly Cudbill, associate at Blake Morgan, adds that, in her experience, HR departments had “largely overlooked” the issue of breaches at third parties, choosing to focus more on protecting their own company.

“That’s a good thing to focus on, but I think few organisations have actually thought about [what happens if your] pension provider says ‘this has happened. We’re just making you aware of it’ because the provider isn’t going to tell you what to do,” she says.

Read the full article in People Management here.

Enjoy That? You Might Like These:


9 December - Ian Jones
Employment law expert Ian Jones looks at a case that should sound an alert for companies looking to dismiss staff for spurious reasons, especially in the context of whistleblowing. This... Read More


18 November - Vicky Schollar
Covert surveillance in the workplace has always been a thorny issue for employers with case law placing strict conditions on when and where it can be used. Many employers will,... Read More


6 November - Tim Forer
The Charity Commission recently published its annual report into the whistleblowing disclosures it received between 1 April 2018 and 31 March 2019 and included a significant change to its whistleblowing... Read More