The European Union’s General Data Protection Regulation (GDPR) greatly upped the ante for how companies are expected to guard consumers’ personal data and respond to breaches.
Any organization that has an establishment or offices in Europe, offers goods or services to individuals in the EU or monitors the behavior of individuals in the EU must not only comply with GDPR’s numerous requirements, but is also responsible for ensuring that its third parties do so as well. Organizations that don’t comply—or whose third parties don’t comply—can be subject to hefty fines.
How can organizations check if their third parties are truly GDPR-ready? This guide covers 12 important questions to consider, including:
- Can personal data be completely erased upon request?
- Does the third party regularly test its security measures?
- Can the third party correct inaccuracies in a subject’s personal data when requested?