Blog Image
Profile Image Verifile
November 28 2017

Top thoughts for GDPR third-party management

The European General Data Protection Regulation (GDPR) will go into effect in May 2018 and while global organizations are required to demonstrate compliance of their security and privacy practices, it goes beyond just the internal organization: the GDPR also extends to the third-party vendors of GDPR-applicable companies.

While you are working diligently to help ensure your own organization is compliant with GDPR, your organization is explicitly responsible for the readiness and conduct of the third parties that store or process your EU citizen 's personal information.

We see that there are three priorities for third-party management: understanding the different roles defined in GDPR, key contract elements to consider for GDPR processors, and assessing the applicable processors for compliance.