Not Managing 3rd Party Relationships Can Result in Data Protection Violations
Recent news in both the U.S. and the UK has highlighted the obvious fact that failure to manage third-party relationships involving regulated data can result in data protection violations. Here are the important questions tech company executives should be asking:
- Do you know what third parties are accessing, processing, or storing regulated data for your company?
- What steps are you taking to ensure that third parties protect and use your data appropriately? Third-party diligence and oversight is now a regulatory obligation under data protection laws like the GDPR, NYDFS, FAR and others. A systematic process to assess third parties and demonstrate compliance is imperative.
- How can you effectively meet your regulatory obligations? Start with an independent privacy audit and gap assessment, then implement a course of action from there.