Swisscom Partner Breach – 800,000 Customers – How To Get Supplier GDPR Compliance


800,000 customers of Swisscom had their personal information leaked when a supplier’s access credentials were “misappropriated.” That’s bad news for those 800,000 people, bad PR for Swisscom, and bad business for the supplier. And with GDPR implementation only a few months away, it is a stark warning: YOU are responsible for your suppliers. They must be compliant with the GDPR, because if your customers’ data is compromised through a supplier’s fault, you are still responsible. So, get started now to ensure that your suppliers are GDPR-compliant. Alpin can help by automating the process.

Which Suppliers Must Be GDPR-Compliant?

Any supplier that processes or stores personal data. That can include companies that you rely on for a wide variety of common services. A few examples include:

  • Website analytics that record IP addresses, visitor behavior, “contact us” form content, etc.
  • Marketing and sales CRM databases
  • Email services
  • Chart creation software that has access to personal information
  • File storage and sharing containing spreadsheets, databases and documents that contain personal information
  • Calendar helpers that access contact lists (e.g., to make it easier to set appointments)
  • Contact helpers (e.g., to add data to various contacts, sort them into groups, etc.)
  • Call extensions (e.g., to facilitate calling someone directly from their contact record)

The short answer is: there are a lot of suppliers that touch your customers’ personal information.

How Do I Find These Suppliers?

Use Alpin. It automatically detects dozens, hundreds, even thousands of cloud software applications in use around your company.

What Do I Do With These Suppliers?

First, determine if they are GDPR-compliant. Again, use Alpin to do the heavy lifting. Alpin will automatically send assessment questionnaires to the suppliers you select, tabulate the responses, and highlight the problem suppliers.

Second, work with each vendor to map out the processes you will use to manage personal information, and respond to any problems.

Get Started on Your Supplier GDPR Compliance!

Alpin makes your GDPR preparation faster and cheaper, reducing spend by as much as one full-time equivalent (FTE). Automating GDPR vendor assessments with Alpin facilitates the sending, receiving, and scoring of vendor assessments.

  • Sending – GDPR assessments can be sent to multiple recipients at the press of a button. Alpin will send reminder emails until the assessment has been completed.
  • Receiving – Completed questionnaires will appear automatically in Alpin’s dashboard.
  • Scoring – Based on the scoring criteria you establish in the assessment, Alpin will automatically calculate and display the scores for all vendors.


Mark Evans