Third Party and Vendor DD and Compliance


All companies rely on or engage third-party vendors in the manufacture of their products or the delivery of their services. These can range from payroll providers to supply chain vendors. Article 28 of the GDPR requires you to place the vendors that process personal data on your behalf (your processors) under a compliant contract designed to protect the personal data you control, and to use only vendors that provide sufficient guarantees that they can meet the obligations in that contract. Personal data carries inherent risk once it leaves your control, and managing that risk has become a major challenge. It is therefore critical to be able to demonstrate that you have assessed your vendors' ability to protect the personal data that you, as a business, control.

The Data Privacy Guys offer a range of services, from manual checks using our proprietary methodology and question templates through to the implementation, configuration and integration into your procurement systems of OneTrust's Vendorpedia product. Vendorpedia enables organisations to conduct detailed due diligence during vendor onboarding and to continually monitor, re-audit and re-assess existing vendors.


This service includes:

  • Customised Vendor Risk Assessments

  • Vendor Evaluation

  • Integration with procurement systems

  • Vendor Onboarding

  • Streamlined Contract Management

  • Integration with data mapping

  • Risk Analysis & Reporting

  • Incident and breach reporting


Interested in a free Gap Analysis?