I regularly receive queries from membership organisations and associations regarding data protection. It can be a rather ‘dry’ topic (if I am honest) but it is definitely something we must all take seriously; but what about our providers?
“Data Breach” – there are two words that send shivers down my spine as a membership professional. I ensure all of my work is compliant with the Data Protection Act, as I am sure you do! But what about our providers? Are you 100% sure they are taking their responsibility seriously?
Consider these all too familiar scenarios:
1) An external market research agency administers/hosts your annual membership survey and member data is shared
2) You outsource your membership subscription administration to a third party association management company
3) You sell products/services via a third party fulfilment house
4) You use an online portal hosted by a third party affinity provider and they store members’ personal email addresses as logins
5) Your annual renewals subscription run is administered by an outsourced mailing house
6) Your CRM is hosted in a cloud environment and member data is hosted on a third party server
The list goes on, but hopefully you get my drift?
Here are my two ‘killer recommendations’ to double check your providers are taking their data protection related responsibilities seriously:
1) Check they are registered with the Information Commissioner’s Office (ICO). Their website has a handy search facility so you can find out immediately. If they don’t feature on a search you need to take action NOW.
2) Read our Data Protection Research Summary Report (written in partnership with ASI Europe and Kingston Smith LLP). We did a dedicated piece of sector research on this topic last year and can provide you with some practical information/advice.
Please do share this article with colleagues as we need to ensure our providers are compliant.
Most are. Some are not… We need to get this sorted.