Are your suppliers GDPR compliant? Do they work to the same standards as you? Are they protecting your data with the same standards you protect your own?
Supply chains are increasingly becoming more of a risk to an organisation, with increased flows of data throughout third party services, your supplier could be putting your business at risk.
As Dark Reading reported recently, supply chain cyberattacks surged 200% in 2017.
Suppliers and third-parties now have more access to company data than ever before, and hackers will always look to attack the weakest link, which can often be a company’s supply chain.
Ticketmaster for example had their chatbot third party software exposed and therefore their customers data. The British Airways data breach seems to have also been due to a piece of malicious code or application placed on their payment page.
With GDPR in full force, companies are ultimately responsible for the security of their data, whether that be held within their own company, or held with a third-party supplier. Data security and integrity, therefore, needs to be at the forefront of every supplier relationship and it is essential that due diligence is carried out before any supplier relationship is entered into. Existing relationships can also be audited for GDPR purposes, allowing your organisation to ensure that the same standard of security is applied throughout the company you are trusting your data with.
The questions you should be asking your suppliers:
- What cybersecurity tests are you conducting and how frequently?
- How do you comply with GDPR? What policies have you got in place?
- How are you able to assist with a Subject Access Request?
- Do you comply with any cybersecurity standards?
- Do you know where all of your data is stored?
- How and where will my data be stored?
- How will my files be encrypted and backed up?
- What happens to my data when/if we leave?
- How can this be audited on a regular basis?
- Can your supplier substantiate any of the above?
RiskView can tick these boxes for you. RiskView measures information risks within your supply chain to help mitigate the risk to your business, delivering further security and opportunities for your organisation. Their failures can easily become your problem.
View More Articles
- 14th October 2019Data: Defining or Divisive
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests
- 12th August 2019Is GDPR now being taken more seriously?
- 5th August 2019The financial impact of Subject Access Requests
- 1st August 2019DDC AS Launches SmartRedact