Openli logo

Vendor (GDPR)

A vendor, also known as a processor or subprocessor, is a business entity that offers a service.

What or who is a Vendor?

The vendor is either an individual or a company that offers services to other businesses and processes data on their behalf. Services that vendors offer span from selling supplies to data storing. Currently, most companies rely heavily on vendors that process the personal data of both customers and employees. Consider Slack, Google Services, (including Google Cloud, Gmail, Google Calendar), Mailchimp, Helpscout, Accounting applications, and many more. Modern companies are rarely without at least three vendors that process their data. This leads to another question.

What is essential when choosing a Vendor?

The GDPR states, in Article 28, that “the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”

In other words, you, as a business and the controller of your data, should only get in an agreement with those vendors that comply with the GDPR and can showcase their compliance. If your vendors disregard the regulations and fail to comply, the authorities can fine not only your vendors but also you as a controller.

Hence, finding the best vendor for your daily operations requires that you maintain knowledge about your vendors’ GDPR efforts.

How to choose the best fit?

As has already been established, making a GDPR assessment of your vendors and subprocessors is essential to maintain GDPR compliance. However, finding information about your vendors is time-consuming and tiring. Because the majority of the information, which legal counsels would advise you to look for, might not be available on public pages or websites despite the requirement of transparency. Emailing back and forth with your vendors can become a regular task. And it can take up to months to make a well-informed assessment and decision.

Fortunately, there is an easy way to find your vendors’ GDPR information in one place. Simply vet your vendors on the Vendor Management Hub.

Get a free Vendor Checklist

Get an overview of what you need to know about your vendors and their GDPR efforts to ensure your customers data privacy.

Vet vendors with Privacy Hub

Find GDPR information about all your vendors in one place.

Learn more about Privacy Hub

Join our free GDPR & compliance webinars

Ask question, learn from experts and become smarter about GDPR and privacy compliance by joining our free webinars.

See upcoming webinars

Join our newsletter

Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.