A vendor is either an individual or a company that offers services to other businesses and processes data on their behalf. The services vendors offer range from selling supplies to storing data. Currently, most companies rely heavily on vendors that process the personal data of both customers and employees. Consider Slack, Google services (including Google Cloud, Gmail, and Google Calendar), Mailchimp, Helpscout, accounting applications, and many more. Modern companies are rarely without at least three vendors that process their data. This leads to another question.
The GDPR states, in Article 28, that “the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
In other words, you, as a business and the controller of your data, should only enter into agreements with vendors that comply with the GDPR and can demonstrate their compliance. If your vendors disregard the regulations and fail to comply, the authorities can fine not only your vendors but also you as a controller.
Hence, finding the best vendor for your daily operations requires that you maintain knowledge about your vendors’ GDPR efforts.
As has already been established, making a GDPR assessment of your vendors and subprocessors is essential to maintain GDPR compliance. However, finding information about your vendors is time-consuming and tiring, because the majority of the information that legal counsel would advise you to look for might not be available on public pages or websites, despite the requirement of transparency. Emailing back and forth with your vendors can become a regular task, and it can take months to make a well-informed assessment and decision.
Fortunately, there is an easy way to find your vendors’ GDPR information in one place. Simply vet your vendors on the Vendor Management Hub.