Your Contracts Solution
Contracts Management & Consulting Services
Screen Shot 2018-04-12 at 9.56.03 AM.png

privacy rights blog

Staying Up to Date

 

GDPR: Vendor Compliance is the Weakest Link

All companies and organizations rely on and are dependent on service providers or vendors, also known as third parties.  Often times these third parties are managing critical business processes which gives them access to your organization's data.  As such, the Association of Corporate Counsel has characterized these relationships with third parties as the weakest link in GDPR compliance.  Companies and organizations need to make sure they have the right processes, procedures and contract language in place in order to manage their vendor relationships in a way that will prevent massive fines, unprecedented legal fees and harm to reputation such as what we recently saw with Facebook.  

Do you know what data your service providers have access to?  How and where is it stored?  Have you evaluated the safeguards your service providers  have in place to protect data?  Do you have evidence and documentation that proves you have controls and relevant protocols in place?  Have all of your service providers signed a legally binding agreement with you about data protections and indemnification?  Have you read your service providers' terms of use?  These are just a few questions that may cause you to question whether you are sufficiently GDPR compliant.

The Association of Corporate Counsel has prepared a compliance white paper that is linked below.  Find out whether you are meeting best in class protocols and where you are deficient.   Contact us at Intuitive Edge if you need some guidance or help putting a solid program in place.