GDPR Third Party Risk Assessments

Simple and effective assessment of external data processors for GDPR compliance and data security

GDPR and Third Party Risk

Like most organisations, you will have to overhaul and update a number of internal processes and systems to comply with GDPR, but there is one critical area you can’t ignore: the risk introduced by Third Parties such as contractors, partners, suppliers and service providers.

In GDPR terms, as a “data controller” you must perform due diligence on the “data processors” to whom you outsource the processing of personal data, and you may only use processors that provide sufficient guarantees that they will meet the Regulation’s requirements. The key issue is that outsourcing the processing does not outsource the responsibility: should one of your Third Parties be breached, both of you can be held liable. Failure of your Third Party data processor to adhere to GDPR requirements can therefore expose your Third Party AND YOU to fines of up to €20m or 4% of annual global turnover, whichever is higher!

But how exactly do you assess and validate each Third Party’s compliance with GDPR? How do you know they are capable of fulfilling the GDPR requirements of data privacy and security you express in your contracts and agreements?

GDPR-ready assessments for data processing and security

EU regulators expect both data “controllers” and “processors” to go to great lengths to properly secure personal data. To meet GDPR’s requirements across a whole supplier base, you need a solution that centralises management of these assessments and streamlines the entire process.

Our GDPR Third Party Assessments and Supplier Risk Manager offer just that, using GDPR-specific questionnaire templates to simplify your efforts and focus purely on each Third Party’s GDPR compliance.

By streamlining the design of assessments and making it possible to tailor multiple elements of the questionnaires, you increase the likelihood of receiving clear, well-documented answers that accurately reflect each Third Party’s capacity to comply with GDPR requirements.

Our team of Risk Assessors can also cover GDPR compliance in our onsite risk assessment service, which integrates with your remote risk assessments and reporting within Supplier Risk Manager.

GDPR-Readiness Questionnaire Sets include:

  • Awareness and understanding of GDPR regulations and data protection principles
  • Lawfulness of processing and further processing and legitimate interests
  • Consent management
  • Information notices
  • Data Subject rights: access, rectification, portability, erasure, objection and restriction of processing
  • Record retention policies and processes
  • Privacy By Design, including Impact Assessments
  • Cross Border Transfers of Personal and Sensitive Data
  • Data governance obligations
  • Personal data breaches and notifications
  • Sub-Contractor Agreements and Controls
  • Codes of conduct and certifications
  • Roles, Responsibilities and Competencies
  • Co-operation and consistency between supervisory authorities, remedies and liabilities
  • Derogations, special conditions and delegated acts, implementing acts and final provisions
  • Subcontracted processes, processors and security controls

Let DVV Solutions ensure your Third Parties are GDPR compliant

We can provide a solution to meet your GDPR Third Party Assessment needs. Manual or Automated. In-house or Managed Service.

Supplier Risk Manager – provides a uniform, automated process for GDPR compliance assessments – including design of questionnaires, distribution and tracking of surveys – that every department can follow. Supplier Threat Monitor then fills the gap between assessments, constantly surfacing and scoring potential risk events, so you are never in the dark about your supplier risk.

Together, they give you a centralised view of risk across Third Party data processors, helping maintain continuous visibility of your GDPR compliance state.

SupplierAssess – our fully managed service for Third Party Risk Assessment – is an ideal solution for quickly scaling your GDPR-readiness and other Third Party risk assessment programs. SupplierAssess enables your existing resources to focus on the high value activity of managing risk while DVV Solutions delivers completed Third Party Risk Assessments to your desk.

Call today 0161 476 8700

or Submit a Contact Form

Why choose us?

We are specialists in Third Party Risk Management with over 18 years of experience in Cyber Security and Governance, Risk & Compliance.
We are a Shared Assessments program member and recognised Assessment Firm with CTPRP-certified IT Security Assurance Consultants.
We are focused on delivering a Third Party Risk Management program that secures your data supply chain and enhances your IT security posture.