T 5.107 Disclosure of data to third parties by the outsourcing service provider

Outsourcing service providers usually have several customers. Thus, it is always possible that these customers also include competitors. Such a situation arises especially with large outsourcing service providers and those covering special requirement areas such as security services. If an outsourcing partner processes the orders of two competing organisations in parallel, there might be conflicts of interest if there is no strict separation of order processing (multi-client capability of the outsourcing service provider).

In situations of this kind, work results and knowledge from the project management might deliberately be made directly available to the competitor by employees or subcontractors of the service provider. Such damage can usually no longer be remedied even if individual persons or the outsourcing service provider can, as a whole, be subsequently held legally responsible.

If personal data is processed or stored as part of the outsourcing project at the service provider, additional data protection aspects must also be taken into account. If, for example, client information of a customer is compromised and published, there is the risk that the trust relationship between the customer and their clients is lastingly impaired.