DVV Solutions, specialists in Third Party Risk Management, has launched a new set of GDPR Third Party Risk Assessment questionnaires specifically designed to test the compliance of Third Party data processors with EU GDPR Regulations.
The questionnaire sets are designed to scrutinise the controls, policies and procedures each Third Party data processor has in place and enable clients to determine the state of each supplier’s readiness for GDPR. With GDPR rules placing joint responsibility (and liability for penalties and fines) on both parties in the case of any breach, the GDPR Third Party Risk Assessment enables organisations to take proactive measures to address risks and non-compliance before and after 25th May 2018 when the new regulations and larger potential sanctions come into effect.
Sean O’Brien, Director, DVV Solutions commented “We recognised the unique and specific challenges GDPR poses to both clients, as ‘data controllers’ and their outsourced business partners as ‘data processors’. Enabling outsourcers to qualify and attest to their compliance with GDPR is a critical step for IT Risk Assurance teams in ensuring the integrity and regulatory compliance of the data supply chain. These tailored questionnaires are an ideal solution and can be executed in isolation or added to existing IT risk assessments and then integrated into an ongoing program of IT supplier risk assessment.”
A comprehensive evaluation of GDPR compliance
The GDPR Third Party Risk Assessment can be delivered via our cloud-based Supplier Risk Manager platform for your team to execute or as a fully managed service on your behalf by our IT Security Assurance experts. We’ll work with you to understand your data security challenges and program objectives to build the right service to suit your needs.
The GDPR assessment questionnaire covers the full breadth of exposure posed by outsourcing the processing of PII data to Third Party data processors and includes subjects such as:
- Awareness and understanding of GDPR regulations and data protection principles
- Lawfulness of processing and further processing and legitimate interests
- Consent management
- Children’s data protection, processing and management
- Sensitive data and lawful processing
- Subject access, rectification, portability and right to object processes
- Management of right to erasure and right to restriction of processing, and
- Personal data breach notifications
You’re only as Strong as your Weakest Link
Outsourcing data processing has clear benefits — from lower costs to increased efficiency and productivity in non-core business processes. But the value Third Parties bring can be eroded by associated risks.
With the clock continuing to tick down to the launch of GDPR in May 2018 these GDPR Third Party Risk Assessments will help to fill the gap in many GDPR programs where the assurance and compliance of Third Party data processors is often left down to a basic check and update of contractual terms. But this only helps to identify liability after a breach and potentially significant financial and reputational damage has occurred.
In line with the ICO’s guidance for implementation of “best-practice” the GDPR Third Party Risk Assessment develops a more proactive approach to GDPR compliance – identifying risks and issues and allowing both parties to work together to mitigate any clearly validated risks before, rather than after the fact.
The GDPR Third Party Risk Assessment can be delivered via our cloud-based Supplier Risk Manager platform for your team to execute or as a fully managed service on your behalf by our IT Security Assurance experts. We’ll work with you to understand your data security challenges and program objectives to build the right service to suit your needs.
Visit our dedicated GDPR Third Party Risk Assessment web page to find out more or:
Call Us: +44 (0) 161 476 8700
Contact Us: Complete our Contact Form, or
Learn more about What We do