"Privacy professionals have been involving themselves in their organizations' vendor management programs for a few years now," writes IAPP Research Director and DPO Rita Heimes, CIPP/US, CIPM. In fact, the 2016 IAPP-EY Privacy Governance Survey found that 70 percent of respondents were involved in a formal vendor management program, she points out. "So why am I — as the IAPP's new data protection officer — suddenly seeing so many new (and, let's face it, onerous) privacy and security provisions in otherwise standard contracts?" In this month's installment of the IAPP's DPO Confessional, Heimes explores this question, offering suggestions for a risk-based approach to vendor management in the face of a looming EU General Data Protection Regulation.
If you want to comment on this post, you need to login.