We all know those NDAs they make you sign before sharing important and sensitive data. As a consultant I’ve always got one on hand, and I hope it shows the potential client that I take their privacy seriously. Weirdly enough, not everybody sees the need. Quite often I hear a potential client say “Oh no, I trust you. It’s fine”. But is it? I’m not saying I can’t be trusted, but as an organization you’ve got your due diligence to take care of, and getting people to sign an NDA is a large part of that. Here’s why.
An NDA (Non-Disclosure Agreement) is an affidavit in which a party states that they shall keep certain information confidential. There are a few different types:
In the list above you’ll have noticed the terms ‘appropriate measures’ and ‘processing agreements’. The GDPR requires organizations that process personal data to have appropriate measures in place. One of those measures is making sure your employees, partners and whoever else you share data with have signed an NDA. For more information about NDAs and employees, see my blog post H is for Human Factor Security.