Share on facebook
Share on google
Share on twitter
Share on linkedin

Should you share passwords in a GDPR world?

Last Updated on

We’ve been working really hard with our VA clients to help make sure they work in a secure and GDPR compliant way.  From contracts, to data processing instructions it’s been a long journey making it all work and integrate with how VAs work today.

One question that comes up over and over again is about password sharing.   It seems that many clients just want to share passwords with their VA and some even just email logins and passwords over to the VA.

Password sharing and GDPR

GDPR is a big subject but when you boil it all down it is about security, transparency, accountability and minimising the amount of data that is shared to avoid risk.

If you simply share all your logins and passwords with your VA how will you be able to tell who did what?

Suppose something goes wrong and a lot of data is accidentally deleted or exported?  How will you be able to trade who did what?

Assuming you are the master user or administrator, password sharing means giving your VA access to all rights and all areas of data regardless of whether it is needed to do the task you have paid them for.

Reduce access by creating role-based logins for each user

You can do a lot to reduce the GDPR risks in your business by creating separate logins for your VA.  This allows you to give them only the rights they need to do the work you have paid them for.  This gives you more control – and as the Data Controller for your own business data it is important you retain control and don’t just give it all away to your outsourced team.  This means you can also restrict what your VA can do, and often what they can see.  You need to do this.  This is not because you don’t trust your VA, but because it is your job to minimise who has access to what.

What about platforms that don’t offer multi-user logins?

Many social media platforms, in particular, do not offer multi-user logins.  They are set up as ‘personal’ accounts’ in technology terms.  However, that account may link to hundreds, if not thousands of other subscribers, all of whom will share some data about themselves.

You should consider using third-party posting platforms such as Hootsuite where you can set up teams who have the right to post to certain social media accounts.

What if there is no option but to share logins and passwords?

If the platform does not integrate with a posting app or there is some technical problem, you may as a final resort consider sharing your login and password.  Check before you do that this is not in breach of the platform’s terms of service.  If you are going to do that you still need to do so securely.

LastPass is a great way to securely share (and store) password and login data.  You can share access without disclosing your password.  You won’t be able to track who did what, but at least you won’t have sent your passwords round in an email for the whole world to intercept!  You can get a basic account for free.

Don’t want to spend money on security?

If you feel you don’t want to spend money on posting applications, secure password sharing, or on professional software that allows multi-user logins you may be storing up trouble for yourself.  We all sympathise with ‘bootstrapping’ your startup but if you can now afford a VA you really do need to invest in secure ways of working before you start giving your team access to customer data.

You need secure methods of working, a proper contract that covers security and GDPR (and a lot else besides) and a data privacy policy that reflects the way you work today.

Your customers will never know (hopefully) how much to thank you for doing this.  Your VA will love you for taking care of it all properly and you won’t be wondering who did what or where all your data went!

Drop us a comment

Leave a Reply

Bestselling Contracts and Support for a Range of Industries

The perfect business contract protects more than just your boundaries. The perfect business contract protects your clients in relation to things like Copyright, IP, GDPR, scope-creep and all the other things that eat away at your profitability.

Check out our contract shop and GDPR support today and start earning what you should in your business.

Close Menu

Would You Like GDPR Updates?

The update to the data protection act is complex, and non-compliance runs the risk of unlimited fines.  Let Koffee Klatch help you work GDPR for your business.

We won’t add your details to any other list or share them. You can unsubscribe at any time. For more information see our Data Privacy Policy