Exterro: Five serious data questions regarding vendors and third parties
As we often cover here, vendors are a significant source of risk. Your network of suppliers is legally obligated to comply with all aspects of the GDPR to ensure consistency and true protection for consumers. And although it's not identical to GDPR rules, the nature of the U.S.'s California Consumer Privacy Act (CCPA) make vendor management an incredibly important aspect of privacy compliance for many global companies—a good portion of whom likely have a large enough presence in California to warrant regulatory governance by the law.
If your vendors are not compliant with data protection regulations and managed well, then you’re effectively opening yourself up to huge financial and reputational risks. Ask yourself these 5 serious questions regarding your vendors:
- Who are our vendors?
- Which ones touch our data?
- What specific data do they touch?
- What data is relevant to regulations?
- How are they protecting our data?
Any vendor that can access, process or store your company’s personal data is a risk. And your biggest vendors aren’t always your biggest risks. For example, think about the massive data breach from Target: it happened as a result of hackers accessing systems that one of their small vendors (their heating, ventilation, and air conditioning company) were unknowingly able to access. And they aren't alone; Ponemon Institute survey data finds that about three-in-five companies experience a breach as a result of lax third-party security.
Exterro teamed up with ACC Europe to explore how technology can help defensibly manage vendor and third-party relationships.
Find out more by watching our on-demand webinar, where leading industry experts discussed:
- The 5 critical questions every organisation needs to answer regarding their vendors
- Techniques for assessing risk from vendors
- How new technology can help to comply with new privacy regulations