The EU General Data Protection Regulation (GDPR), effective May 25 2018, has key implications for personal data management for customers and suppliers. Applicable to any organization with business in the EU or holding personal identifiable information (PII) on an EU Citizen, GDPR applies whether or not the organization or its suppliers are based in the EU. In order to evaluate your organization and its third parties, Verego has developed an online platform to track and evaluate GDPR readiness.
GDPR Readiness Assessment
Article 28 of the GDPR Guidelines:
Questions from Buyers:
The controller (buyer) shall only use processors (third parties or suppliers) providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
What is a sufficient guarantee? Is a contract sufficient? What technical and organizational measures are considered appropriate? How does my organization assess suppliers and monitor compliance going forward?
Third party service providers are the most likely source of data breach, implicated in over 60% of all incidents.
Under GDPR, data controlling organizations and their suppliers,
can be jointly individually liable for compliance to the GDPR.
A non-compliance, even those results from a third party,
can total up to 4% of annual revenue or €20 million, whichever is higher.
Verego offers a cost-effective assessment and online platform which allows buyers to:
- Collect data from suppliers in a controlled and robust online, cloud-based platform
- Provide proof of record through immediate and clear transparency
- Assess and profile supplier data risk
- Validate supplier adherence to GDPR through buyer or verified, independent third party audits
- Continuously monitor supplier performance
For more information on Verego’s GDPR Readiness Assessment, please see the following resources or email info@verego.com