Our GDPR Vendor Due Diligence service is designed to support businesses and organisations that want to understand and quantify the supply chain risk posed by a specific supply chain partner. This service is particularly important to use before any supply contract is signed. Early sight of GDPR/Data Protection risks will save a business significant cost, time, reputational damage and even embarrassment.
How does GDPR fit into Vendor Due Diligence?
Within every vendor due diligence check (both standard and enhanced due diligence), you need to assess the risks to data. This includes the policies and procedures the vendor or customer in question has in place. This will help you build a clear picture of whether data transferred between the parties is handled legitimately, safely and securely, in compliance with the appropriate data protection legislation such as GDPR.
Under GDPR, you are a data controller. You are responsible for selecting data processors that are suitable for processing the personal data of your data subjects. There are a significant number of factors that will determine whether any given processor is suitable for your supply chain. If an inappropriate due diligence process has been followed, or a good one has been implemented poorly, then the data controller can expect to take full responsibility for a data breach at the processor.
That is why due diligence is important, whether you are vetting a partner, sub-contractor, customer or associate. Strong data protection principles must be in place.