According to the European Union’s General Data Protection Regulation (GDPR), Article 28, companies are held accountable for handling data, regardless of whether it is in-house or by third-party vendors or partners.
While most businesses know GDPR requirements, too many have prepared by focusing on internal data handling policies and overlooking an even more significant threat: Third-party cybersecurity risk.
To help businesses mitigate internal and third-party risks, the CyberVadis questionnaire includes specific GDPR questions to assess whether a company has built the framework to cover the requirements introduced by the new regulation. Specifically, our analysts will assess whether the company has framed the following:
Roles in charge of data privacy duties have been appointed;
Personal data processing is identified and managed;
Personal data transfer is identified, and data privacy requirements are considered;
Data privacy is taken into account within the procurement process and the project management methodology;
Users are trained on data privacy matters;
Data processing principles are checked (lawfulness, exercise rights, retention, etc.);
A procedure is in place to inform data controllers and/or regulators in case of a personal data breach.
Interested in having your company assessed?
Contact our team at firstname.lastname@example.org.