Vendor Risk Management Software for CCPA Privacy, GDPR Article 28
Third-party vendor assessment and risk management is a growing area within privacy compliance. Demo the Clarip vendor risk management software to help your organization understand its third-party data sharing and the associated compliance risks under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Call 1-888-252-5653 to schedule an online meeting today.
Why does an organization need enterprise vendor risk management software for privacy?
GDPR Vendor Management
The focus of third-party vendor management has for some time been on corruption and data breaches. However, Europe’s new privacy law and the Facebook – Cambridge Analytica scandal exposed many of the problems with third-party data sharing and
Article 28 requires controllers and processors to engage processors for the processing of data only under a written contract that fulfills the terms of Article 28(3). Companies outsourcing some or all of their processing need to know all of the third parties to which they are transferring personal data in order to comply with this section. If a vendor is processing data on the company's behalf without a written contract (and is not otherwise compliant with Article 28), then the company is operating in violation of the GDPR and is risking significant monetary penalties (up to 4% of global annual revenue under the maximum fines permitted by the law).
Article 28 of the GDPR also requires that controllers only use processors that provide sufficient guarantees of technical and organizational measures to protect data subject rights and comply with the requirements of the GDPR. This section imposes an obligation on companies hiring vendors to understand the potential privacy risks of working with a vendor and to make sure that sufficient measures are in place to meet the law's data protection requirements.
Vendor management can be a difficult task for large enterprises with significant numbers of vendors. It can be even more difficult when software and websites are built using third-party technology that a privacy team may or may not have reviewed before the code was inserted into them. An organization needs to have a method in place to monitor the onboarding of new vendors by members of the marketing team or IT. Privacy teams also need a way to monitor third-party teams building niche or single-purpose websites that may create privacy risks for an organization.
The Clarip vendor risk management software offers a method for the compliance or privacy team in an organization to monitor their third-party data sharing to ensure that the appropriate vendor management steps are taking place. Please continue reading below for more information on the Clarip software.
CCPA Service Providers
The California Consumer Privacy Act requires covered businesses to provide specified information to consumers about their third-party data sharing. It also requires businesses to notify their service providers when a consumer has submitted a deletion request pursuant to the privacy law, since those service providers may be in possession of personal information that was sent from the covered business and needs to be deleted. If an organization is repeatedly "selling" personal information of consumers to other businesses (according to the definition provided by the CCPA), then it needs to make sure that these transactions fall within the service provider exemption to the consumer right to opt out of the sale of their personal information.
The CCPA also creates a civil cause of action for data breaches that result from the failure to implement or maintain reasonable security procedures and practices. If third-party vendor data breaches are included within the right to sue, then it will place a huge responsibility on enterprises for vendor management, as third-party breach risk is a major area of concern in cybersecurity right now.
As the CCPA is clarified this year by the California legislature and the Attorney General, there is the possibility that the new California privacy law will bring significant third-party vendor management obligations on businesses collecting and sharing personal information when it goes into effect in 2020.
The Clarip Vendor Risk Management Software
Clarip has created Hybrid AI software to assist organizations in the identification of third-party vendors receiving personal data and the assessment of the risks associated with that data sharing. The enterprise privacy software is used by privacy teams at large corporations to enhance their vendor risk management and serve as a check for their privacy compliance.
For a demo of the Data Risk Intelligence Scan and Vendor Risk Management Software, call Clarip at 1-888-252-5653 today!
Contact Clarip Today for Help with CCPA and GDPR
The Clarip team and data privacy software are prepared to help your organization improve its privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If your challenge right now is CCPA compliance for your California operations, allow us to show you our CCPA software. From consent management software to offer the option to opt-out of the sale of personal data, to a powerful DSAR Portal to facilitate the right to access and delete, Clarip offers enterprise privacy management at an affordable price.
If you are preparing your European operations for GDPR compliance, we can help through our modular GDPR software. Whether you are looking to start the process with GDPR data mapping software, increase automation in your privacy program with DPIA software, or handle ePrivacy with a cookie consent manager, Clarip has the privacy platform that you need to bolster your program.
GDPR Vendor Management & Third Party Privacy Risk Assessment
Risk and Control Self Assessment Framework for Privacy
Vendor Audit Process
Service Providers and the CCPA Right to Opt Out
GDPR Data Processing Agreement under Article 28
What is a Data Processor under GDPR?
Differences between a GDPR Data Controller vs. Data Processor