White Feather Services | Virtual PA Service Norfolk | Virtual Assistant Norfolk | Virtual Assistant UK | Copywriting Service | Social Media Marketing Norwich

The Implications of GDPR on Your Virtual Assistant

Thursday 9th August 2018

Donna

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. If you have not heard of GDPR then you need to do some research now, as GDPR affects us all.

Outsourcing Work to a Virtual Assistant
If you outsource work to a Virtual Assistant (VA), you may have concerns surrounding the sharing of personal identifiable information. As a business owner, you may believe that GDPR prevents you from outsourcing work. This is not the case if your VA is based within the EU. However, under GDPR, it is a requirement to be transparent with individuals as to how and with whom their personal information is shared. This means that within your privacy policy, you should specify any third parties ("sharing partners") with whom personal identifiable information is shared. Your VA is a sharing partner.

You need to have an open and transparent relationship with your VA and check that the systems the VA has in place adhere to the six privacy principles of the regulation (look these up if you are not familiar). Do not be offended if your VA seeks similar reassurance from you. As both the Controller and Processor of the data can be prosecuted, trust is extremely important.

So, what measures should your VA have in place?

1) Your VA should be encrypting data stored on any drives and deleting data when it is no longer required for the data processing activity.
2) Any cloud-based systems that store data outside the EU should have a Privacy Shield in place.
3) A VPN should be set up if you would like your VA to access your internal systems remotely.
4) Your VA should be registered with the ICO and hold professional indemnity insurance.

Brief Summary
To summarise, GDPR does not prevent businesses from outsourcing work to a VA, but the VA must be highlighted as a sharing partner in the Business' privacy policy. Both parties are required to be GDPR compliant and the sharing of policies and system processes with each other is recommended.

An open relationship with your VA is key to a successful partnership.