Are Your Vendors Ready for GDPR?

Are Your Vendors Ready for GDPR?

by | Jan 13, 2018 | General Data Protection Regulation (GDPR), Public Policy

By Brad Keller, Chair, Senior Director of Third-Party Strategy, Prevalent, Inc.
Chair, Shared Assessments Assessments VRMMM Committee

Great, yet another blog talking about the need to get ready for the European Union’s General Data Protection Regulation (GDPR). Wouldn’t it be nice if just once someone really helped me deal with GDPR instead of reminding me of all the work I must do? Well folks I’m here to do just that.

Determining vendor compliance with GDPR requires a fairly rigorous process. It starts with determining what data you provide or share with your vendors, whether it is data that is covered by GDPR and if so what requirements are associated with that type of data. Vendor contracts must be modified to include new language to define the vendors role. Since most vendors will fall under the definition of a Data Processor their responsibilities will be defined by Article 28 of GDPR (however, it is possible to be both a Data Processor and a Data Controller). I could continue with a litany of issues you’ll be faced, but that would just add to your problems not help you solve them.

The Shared Assessment’s Privacy Working Group has developed a Tool Kit to help guide you through the process. Their GDPR Data Processor Privacy Tool Kit has everything you need: the processes you need to have in place to identify and map customer data; samples of model contract provisions to get your vendor contracts in compliance; lists of documentation you’ll need to obtain; an updated privacy survey to obtain the information you need to assess your vendor’s GDPR privacy readiness; and, many other useful resource documents. The best part about the Tool Kit is that it’s free and can be downloaded on their web site .

The Shared Assessments Standard Information Gathering Questionnaire (SIG) already contains the information you need to determine if your vendors have adequate IT security controls in place. Now with the help of the GDPR Processor Privacy Tool Kit addressing data privacy concerns, you’ll have what you need to make sure your vendors are ready for GDPR.

Kelly Wagner

View all posts by Kelly Wagner

Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance.
To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.