Why you shouldn't hire Fiverr or Upwork freelancers
On Fiverr there is an offer of numerous Freelancers for almost all services: Creating websites, setting up automation, creating logos or corporate designs, writing blog posts… Without platforms like Fiverr and Upwork, the digital economy would certainly look very bleak. People from all over the world can offer their services and customers from all over the world can request them. This creates a huge network in which almost every digital service is represented.
We admit: We enjoy using Fiverr as a freelancer platform ourselves. Especially small tasks that are not our core business can be requested easily there. Using the search function, you can filter by country, ratings, experience or spoken languages and select the right person from a vast number of freelancers. And we have had almost exclusively positive experiences.
However: inquiring and commissioning services via Fiverr involves a risk that most companies in Europe are probably only too familiar with: Privacy.
Yeah, again. With the (in world-wide comparison) strict data protection laws of the European Union, in particular the GDPR, entrepreneursusually only have little fun. And also for the topic of Freelancers privacy plays a crucial role. We explain, why it is more useful and safer against this background, to hire European service providers instead of Freelancers for your project:
Point 1: Exchange passwords, access data and personal data on Fiverr
Article 32 paragraph 1 of the GDPR regulates the guarantee of a "level of security appropriate to the risk" and refers in particular to "pseudonymization and encryption of personal data". For this purpose, it is necessary that the controller and the processor take appropriate technical and organizational measures.
To put it more simple: exchanging passwords or access data in plain text via the chat in Fiverr is considered very critical according to the GDPR.
The parties must also ensure that sensitive data is protected accordingly. This is done by means of so-called technical and organizational measures, TOMs for short. Companies that operate in compliance with the GDPR must draft and disclose these TOMs. In these, European service providers must disclose their infrastructure and thus allow conclusions to be drawn about their IT security. This enables customers to assess how their data is being used.
Honestly, we have never experienced such a procedure on Fiverr. Passwords are simply exchanged and are not changed even after the end of the project. We have never personally received or read TOMs from freelancers on Fiverr.
Point 2: Data processing agreements (DPA) with Fiverr freelancers
Article 28 of the GDPR bears the beautiful title "Processor". This regulates that contractors only cooperate with such "processors", i.e. persons, authorities, institutions or other bodies that process personal data on behalf of the data controllers, who provide "sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject".
Such processors include any services used that have access to customer data, such as Hosting, e-mail services, servers, CRM systems. With all these subprocessors, a European company must conclude individual DPAs. These agreements must specify how and for what purpose the customer data is to be stored, used and secured.
This means that even with Fiverr freelancers, a company would theoretically need such a DPA, because very often personal data is exchanged during projects.
We are not aware that we have ever received a DPA from freelancers on Fiverr. For this, it does not matter which EU or non-EU country the person came from.
Point 3: Liability issues when working with Freelancers
As so often in life, in the end it's all about the question of liability. And of course the GDPR also regulates this point. According to article 82, paragraph 1, "any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered"
Immaterial damages are, for example, discrimination or damage to reputation due to the processed data. However, immaterial damage is also caused if the corresponding personal data becomes public and political opinions, world views, beliefs or ethnic origin emerge from them.
This means that, in the worst case, cooperation with freelancers who do not process data according to GDPR standards can have expensive consequences.
Conclusion: Freelancers need more support from Fiverr
We could go on like this forever now and quote individual articles from the GDPR, which show that the Fiverr or Upwork platforms are often not suitable for privacy-compliant collaboration. And that is actually an extreme pity, because these services bring great benefits to numerous companies and offer almost endless possibilities.
Nevertheless, for projects and contracts involving personal data (and that's almost all of them), we advise you to work with European service providers, who must comply with these regulations, have TOMs, DPAs and process data with the required security.
We would like to see Fiverr provide better support to freelancers who wish to offer their services in compliance with the GDPR. For example, necessary documents could be made available as templates, or approval of the DPA, privacy and general terms and conditions could be mandatory before projects are awarded.
Disclaimer: This article does not constitute legal advice, but only an editorial contribution. We are no lawyers and only carry out an IT-technical assessment based on the GDPR and publicly available data. We do not assume any liability for contents or derived recommendations for action.
Cloud Integration, iPaaS, SaaS, BPA… Ough, hard to keep track of all these terms. They are currently used frequently (and increasingly) in the context of automation, and it is sometimes difficult to make a clear distinction and distinction. We have already written blog posts on the terms iPaaS, SaaS and BPA, but we’ll take them up again here to make the difference.
But let’s start with cloud integration, because that’s the central umbrella term in which we embed all the other technologies in this blog post.
To illustrate these advantages, an example is suitable that we know well from our everyday work as an automation agency:
The central data to be used here is the data of a major customer. This can be the simplest information, such as the address. This address is required in numerous but completely different processes in the company: on the one hand, for correct invoicing in accounting. On the other hand, in the CRM system, where all the data of the large customer is also stored. But the address is also important in sales, for example, when employees go to the sales meeting on site.
Now the customer announces that the address of the company has changed after a move. This information will reach you by e-mail. There are now two options:
01. The e-mail is forwarded to all affected departments, accounting, sales, customer service, marketing… All persons open their corresponding program, CRM, accounting software, marketing tools (such as newsletter marketing) and change the data already stored there of the customer. This means that in multiple applications, different people do exactly the same thing: change one address. 02. But there is also an alternative: By connecting your applications, thus by integrizing them, the customer’s e-mail, or rather the information it contains about the address change, is automatically passed on to all affected applications: CRM, accounting, marketing, ERP. This does not require any clicks, because the cloud integration detects a trigger, i.e. address change, and thus automatically starts the process.
What sounds unimpressive in a single process becomes more effective when such a process occurs several times a day or weekly. Because there is a lot of data that is available in different applications and should always be correct. If these applications are cloud applications they are suitable for cloud integration.
But cloud integration doesn’t just happen. There are now a variety of applications that enable and implement this. Such tools usually allow us to link the relevant cloud applications on a central platform and define clear rules on when, how, where, how much data should be passed on and what happens to them.
IPaaS, SaaS, BPA, ABC – who can still see through it?
To realize cloud integration, there are various applications and technologies that are sometimes used interchangeably.
Cloud integration cannot be done without SaaS, iPaaS and BPA
Cloud integration is rather an umbrella term that includes numerous technologies, such as SaaS, iPaaS and BPA, and this is also absolutely necessary. Cloud integration is a concept that is made possible by appropriate technologies.
However, all terms share the commonality that they are cloud-based and thus offer enormous potential for growth and scaling. In addition, they are often cheaper to implement and maintain because changed requirements are easy to implement.
As an independent automation agency, we implement cloud integration according to your requirements. We use a variety of SaaS tools and iPaas (strictly speaking BPA) software. Together we find individual solutions that are flexible and scalable.