SupplyChain Magazine July 2019 | Page 61

suffers a personal data breach involving personal data controlled by another organisation, and it does not inform the data controller of the incident promptly, then they are putting the data controller at risk of breaching their obligations under the GDPR. So, whilst organisations may have internal GDPR compliance policies in place, can the same be said for all of their suppliers?
It’s important for organisations to take control of security auditing, and understand what data suppliers hold on file, where it is stored and who has access to it. By following this process for every supplier, businesses can proactively limit their exposure to risk and not just assume that each supplier’s compliance policies will go far enough. Data processing is prone to human error, subject to misinterpretation and rarely updated; therefore, data quality checks and data flow mapping play a crucial role in providing supply chain and cybersecurity assurance.
The vetting of third-party suppliers has become a much more arduous process as risks to security must be thoroughly evaluated – and rightly so. Examples such as the attack on the
www.supplychaindigital.com