I trust you, I trust you not...
Written by Rebecca Bada, GDPR Consultant
What is supplier due diligence and why should you do it
Supplier due diligence is an action taken by an organisation to identify and understand the credibility and suitability of a prospective partner or vendor. Conducting supplier due diligence can help guide decision-making when choosing the right vendor, detect risks with potential suppliers and protect customer data in the process. It's also considered good business practice and can help mitigate future financial and reputational damage caused by a data breach.
Performing checks before committing to something is standard in nearly every area of life, e.g. family, work and education, so supplier due diligence should not be foreign to companies. Failing to carry out supplier due diligence can lead to data breaches that damage the business.
Many organisations fall into the trap of neglecting the data protection side of the procurement process because no due diligence is carried out. Yet Article 28 of the UK GDPR states that a data controller must only use a data processor that can provide “sufficient guarantees” (particularly in terms of its expertise, resources and reliability) that it will comply with the UK GDPR and protect the rights of individuals.
Onboarding a vendor to process your customers' or employees' data is an implicit statement that you trust them with that personal data. The terms of that trust must be agreed by both parties in a written Data Processing Agreement (DPA), as discussed in last month's blog article.
Best practice is for supplier due diligence to be an ongoing process, with the data controller reviewing the processor's compliance on a continual basis rather than only at onboarding. Effective and regular due diligence helps safeguard a company against operational, reputational and financial harm.
Carrying out supplier due diligence:
Before onboarding any new supplier, there are certain principles which should be followed when carrying out supplier due diligence to minimise risks within the supply chain:
Supplier due diligence is an essential process when seeking new vendors, as it allows an organisation to make an informed decision on whether to proceed with a business partnership, and it should form part of the organisation's compliance strategy. Risk management is important to safeguard your business against the threat of a data breach. A written agreement in the form of a DPA then records the security measures the processor is obliged to maintain, protecting customer data and your business interests.
Get help with your data protection obligations
Bulletproof's experienced data protection officers give your business ongoing support and maintenance of your data protection obligations. Find out more about our flexible, cost-effective packages.