Are your suppliers GDPR compliant? Do they work to the same standards as you? Are they protecting your data with the same standards you protect your own?
Supply chains are increasingly becoming more of a risk to an organisation, with increased flows of data throughout third party services, your supplier could be putting your business at risk.
As Dark Reading reported recently, supply chain cyberattacks surged 200% in 2017.
Suppliers and third-parties now have more access to company data than ever before, and hackers will always look to attack the weakest link, which can often be a company’s supply chain.
Ticketmaster for example had their chatbot third party software exposed and therefore their customers data. The British Airways data breach seems to have also been due to a piece of malicious code or application placed on their payment page.
With GDPR in full force, companies are ultimately responsible for the security of their data, whether that be held within their own company, or held with a third-party supplier. Data security and integrity, therefore, needs to be at the forefront of every supplier relationship and it is essential that due diligence is carried out before any supplier relationship is entered into. Existing relationships can also be audited for GDPR purposes, allowing your organisation to ensure that the same standard of security is applied throughout the company you are trusting your data with.
The questions you should be asking your suppliers:
- What cybersecurity tests are you conducting and how frequently?
- How do you comply with GDPR? What policies have you got in place?
- How are you able to assist with a Subject Access Request?
- Do you comply with any cybersecurity standards?
- Do you know where all of your data is stored?
- How and where will my data be stored?
- How will my files be encrypted and backed up?
- What happens to my data when/if we leave?
- How can this be audited on a regular basis?
- Can your supplier substantiate any of the above?
RiskView can tick these boxes for you. RiskView measures information risks within your supply chain to help mitigate the risk to your business, delivering further security and opportunities for your organisation. Their failures can easily become your problem.
View More Articles
- 14th August 2019The dangers of Subject Access Requests
- 12th August 2019Is GDPR now being taken more seriously?
- 5th August 2019The financial impact of Subject Access Requests
- 1st August 2019DDC AS Launches SmartRedact
- 31st July 2019Don’t be blindsided by your organisations handling of data
- 25th July 20191 in 3 Organisations are struggling to implement the GDPR
- 24th July 2019Lancaster Uni Phishing Attack
- 22nd July 2019The Human Element of Data Security
- 15th July 2019Third Party Data Protection
- 10th July 2019Two Fines in Two Days – ICO Plans to Fine Marriot £99m