GDPR Third Party Risk Assessments

Simple and effective assessment of external data processors for GDPR compliance and data security

GDPR and Third Party Risk

Like most organisations, to comply with GDPR you must overhaul and update a number of internal processes and systems, but you can’t ignore a critical area of GDPR: the risk introduced by Third Parties such as contractors, partners, suppliers and service providers.

In GDPR terms, as a “data controller” you must perform due diligence on the “data processors” to whom you outsource the processing of personal data: Article 28 requires you to use only processors that provide sufficient guarantees that they will meet the Regulation’s requirements, and to bind them by contract. The key issue is that outsourcing the processing does not outsource the accountability. Processors now carry direct obligations of their own, so a breach at your Third Party exposes both of you: administrative fines of up to €20m or 4% of annual global turnover can be imposed on controllers and processors alike, and both can be held jointly liable for compensation to the affected data subjects.

But how exactly do you assess and validate each Third Party’s compliance with GDPR? How do you know they are capable of fulfilling the data privacy and security requirements you express in your contracts and agreements, rather than simply signing up to them?

GDPR-ready assessments for data processing and security

EU regulators expect both data “controllers” and “processors” to go to great lengths to properly secure personal data. To meet GDPR’s requirements across a supplier base of any size, you need a solution that centralises the management of these assessments and streamlines the entire process.

Our GDPR Third Party Assessments and Supplier Risk Manager offer just that, using GDPR-specific questionnaire templates to simplify your efforts and focus purely on each Third Party’s GDPR compliance.

By streamlining the design of assessments, and making it possible to tailor multiple elements of the questionnaires, you increase the likelihood of receiving clear and well-documented answers that accurately reflect each Third Party’s capacity to comply with GDPR requirements.

Our Risk Assessors can also cover GDPR compliance as part of our onsite risk assessment service, with the findings integrated into your remote risk assessments and reporting within Supplier Risk Manager.

GDPR-Readiness Questionnaire Sets include:

  • Awareness and understanding of the GDPR and its data protection principles
  • Lawfulness of processing and further processing and legitimate interests
  • Consent management
  • Children’s data protection, processing and management
  • Sensitive data and lawful processing
  • Information notices
  • Subject access, rectification, portability and right to object processes
  • Management of right to erasure and right to restriction of processing
  • Profiling and automated decision-making
  • Data governance obligations
  • Personal data breaches and notifications
  • Transfers of personal data processes
  • Codes of conduct and certifications
  • Competence, tasks and powers of supervisory authorities
  • Co-operation and consistency between supervisory authorities, remedies and liabilities
  • Derogations, special conditions and delegated acts, implementing acts and final provisions

Continuous Threat Monitoring

You also need a continuous view of potential risks, and insight into events at your suppliers between assessments that may affect their GDPR compliance.

Has the supplier suffered a data breach? Legal action? Fraud investigation? A hijacking of its brand for a phishing attack?

Supplier Threat Monitor analyses events that can affect the security and privacy of the personal data held or processed on your behalf by external parties. This includes data breach notifications, IP reputation data, malware associated with a supplier’s known domains, financial analysis, phishing attacks, regulatory issues and other publicly available information.

Let DVV Solutions help you assess and evidence your Third Parties’ GDPR compliance

We can provide a solution to meet your GDPR Third Party Assessment needs. Manual or Automated. In-house or Managed Service.

Supplier Risk Manager – provides a uniform, automated process for GDPR compliance assessments – including design of questionnaires, distribution and tracking of surveys – that every department can follow. Supplier Threat Monitor then fills the gap between assessments, constantly surfacing and scoring potential risk events so that you are never in the dark about your supplier risk.

Together, they give you a centralised view of risk across Third Party data processors, helping maintain continuous visibility of your GDPR compliance state.

SupplierAssess – our fully managed service for Third Party Risk Assessment – is delivered by a dedicated Risk Assessor working on your behalf to scope, perform and report on your Third Party risk assessments.

SupplierAssess is an ideal solution for quickly scaling your GDPR-readiness and other Third Party risk assessment programmes. It also lets your existing resources focus on the higher-value activity of managing risk, while DVV Solutions delivers completed Third Party Risk Assessments to your desk.

Call today 0161 476 8700

Why choose us?
We are specialists in Third Party Risk Management with over 18 years of experience in Cyber Security and Governance, Risk & Compliance
We are a Shared Assessments program member and recognised Assessment Firm with CTPRP-certified Risk Assessors.
We are focused on delivering a Third Party Risk Management program that secures your data supply chain and enhances your IT security posture.