How to comply
If things go wrong for some reason, you need to know how to deal with it. Have a clear understanding of what your rights and responsibilities are and how any problems will be addressed.
Check the contract. Make sure your key concerns are covered in the contract (if you have the ability to negotiate) or in the standard terms and conditions.
In particular, check that you know:
- whether the provider has to tell you if something goes wrong (for instance if there is a security breach)
- how you would notify your customers if their data is lost or stolen
- how you're going to know whether the provider is living up to the terms of the agreement (for example does it get regular independent audits done that you'll be able to check?)
- who is liable and what the penalties are if something goes wrong
- what country's law applies if there is a legal dispute and who the appropriate regulator might be?
- whether mediation or arbitration is available. This might be cheaper and more practical than going to court
- whether your provider is insured against privacy breaches
- what the provider's disaster recovery plan covers.
Back to checklist