Align your business with data protection regulations using CyberVadis

Learn more about how CyberVadis can help you to align with GDPR

Written by Ana Nikolaeva
Updated over a week ago

Under Article 28 of the European Union’s General Data Protection Regulation (GDPR), companies are held accountable for how data is handled, whether in-house or by third-party vendors or partners.

While most businesses know the GDPR requirements, too many have prepared by focusing on internal data handling policies and overlooking an even more significant threat: third-party cybersecurity risk.

To help businesses mitigate internal and third-party risks, the CyberVadis questionnaire includes specific GDPR questions to assess whether a company has built the framework to cover the requirements introduced by the new regulation. Specifically, our analysts will assess whether the company has put the following in place:

  • Roles in charge of data privacy duties have been appointed;

  • Personal data processing is identified and managed;

  • Personal data transfer is identified, and data privacy requirements are considered;

  • Data privacy is taken into account within the procurement process and the project management methodology;

  • Users are trained on data privacy matters;

  • Data processing principles are checked (lawfulness, exercise rights, retention, etc.);

  • A procedure is in place to inform data controllers and/or regulators in case of a personal data breach.

Interested in having your company assessed?

Contact our team at
