Managing Third-Party Risk in the Age of GDPR
May 1 @ 11:00 am – 12:00 pm
There is increasing focus on data privacy and the protection of personal information around the world, particularly with the EU General Data Protection Regulation (GDPR) coming into force on May 25, 2018. The GDPR places a heavy focus on third parties that process or store personal data on your company’s behalf. Fines for non-compliance can be stiff, going up to €20 million or 4% of an organization’s global revenues, whichever is greater.

The number of third parties that process data, and the dependence on them, is becoming critically important and common. In the context of GDPR, organizations must take a stronger approach with their third parties to ensure that they handle data privacy and security in a way that is compliant with the regulation. Third parties that process employee or customer data need to safeguard this information, particularly within the scope of GDPR. Third parties represent some of the weakest links to a company’s employee and customer data: more than 63% of data breaches can be attributed to third parties, yet the organization remains accountable and liable for these breaches.

Organizations need an automated and managed process to conduct due diligence and question their third parties’ data handling practices. This requires documentation and audit trail capabilities in order to demonstrate compliance to regulators and EU data subjects. Such a program needs to be managed on a continuous basis to remain compliant and to minimize the risk of exposure under the GDPR. In this webinar, we will address best practices for managing third-party relationships with respect to GDPR and how to operationalize your manual processes to ensure compliance. In this webinar, you’ll take away the following:
- Understanding required changes to third-party risk management with GDPR
- Creating and maintaining an inventory of data processing records
- Conducting data protection impact assessments
- Documenting data flows and processes
- Defining and communicating GDPR related policies and procedures with training
- Ensuring third parties are GDPR compliant
- Implementing an incident response process that is GDPR compliant
GRC 20/20 Presenter: Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, having been the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
LogicGate is a team of pragmatic technologists with a mission to empower organizations to solve complex problems related to regulatory pressures, risks, or compliance requirements. Their technology enables subject matter experts and business process owners to serve themselves and build configurable solutions that connect people, process, and data. LogicGate’s competencies encompass a wide range of domain expertise, including GRC, Financial Services, Healthcare, Pharma, and Energy. Their unique approach and underlying technology not only make their clients more efficient and enhance collaboration across the enterprise, but also reduce critical risks and potentially damaging compliance violations.