Under the GDPR, organizations are now required to have contracts in place with all their vendors addressing the details of the processing activity. It is also your responsibility to ensure you have “sufficient guarantees” from your vendors “to implement appropriate technical and organizational measures” to safeguard personal data. But how do you get these guarantees, and what other questions should you even be asking your vendors? While vendor assessments have traditionally been focused on security, vendor assessments under the GDPR will need to incorporate privacy considerations. Join Cynthia O’Donoghue, Partner at Reed Smith and Dr. Andreas Splittgerber, Partner at Reed Smith, to discuss the topic of vendor risk assessments—what they entail and how they should be used to evaluate vendors and renegotiate existing contracts for compliance with the GDPR.
