Automating GDPR Vendor Assessments

Automating GDPR Vendor Assessments

A critical but often-overlooked part of GDPR is the compliance of your vendors, known as “data processors” in GDPR parlance. It’s almost certain that you rely on third party vendors to collect, process, and store data, such as:

  • Website software that records IP addresses, visitor behavior, “contact us” forms, etc.
  • Marketing and sales CRM databases, including email service providers
  • Other spreadsheets, databases and documents that contain personal information

With these new regulations, you are responsible for the security of any third party vendors that process sensitive data.

This means that as a Data Controller, you need to confirm that all your vendors are GDPR-compliant. To do this, you may need to send GDPR assessments to many vendors – possibly dozens or hundreds.

This takes a lot of time: you have to create assessments, send them, follow up, tally results, and interpret scores. It’s not standardized. It’s not easy to make sure it comprehensively includes all vendors. In fact, you probably don’t even know who all your vendors are! (We find that most companies are only aware of about 10% of their cloud apps. And that’s not surprising, since the average businesses has 1,181 cloud services, and nearly all of them — 92.7% — are not enterprise-ready.)

Alpin solves these problems. First, Alpin helps find those vendors. Then, Alpin makes your GDPR preparation faster and cheaper, reducing spend by as much as one full time equivalent (FTE). Automating GDPR vendor assessments wth Alpin facilitates the sending, receiving, and scoring of vendor assessments.

  • Sending – GDPR assessments can be sent to multiple recipients at the press of a button. Alpin will send reminder emails until the assessment has been completed.
  • Receiving – Completed questionnaires will appear automatically in Alpin’s dashboard.
  • Scoring – Based on the scoring criteria you establish in the assessment, Alpin will automatically calculate and display the scores for all vendors.

See our previous posts on GDPR:

Lauren Alweis