0203 3013384
SUPPORT

3RD PARTY SUPPLIER REVIEW SERVICE

Looking for advice?

BOOK A CALL

overview

Ensure Compliance
with our 3rd Party Supplier Review Service

Many organisations increasingly rely on third-party suppliers for various services and support, and it is crucial to assess the compliance of these suppliers with data protection laws. Conducting a Data Protection Impact Assessment before onboarding is only one step of ensuring that your data isn’t at risk. Our third-party supplier assessment review service offers a comprehensive risk analysis and evaluation to help you verify that your suppliers adhere to stringent data protection regulations, and protect the privacy and confidentiality of your valuable data. 

We know that many departments in large organisations often procure their own suppliers, and sometimes forget to involve procurement, Legal or the Data Protection Officer. This can cause issues further down the line, especially if no due diligence has been carried out prior to onboarding the supplier. 

If you have been faced with the above issues, then we can assist in performing a full review of all suppliers that you are currently using, we can review contracts, assess data processing agreements, and perform supplier assessments, to ensure that your data is not at risk. 

BOOK A CALL

client testimonial

Bristol Airport approached DPAS several years ago, looking for data protection officer outsourced support.

They wanted advice on projects across the airport, and support assisting the in-house team in responding to complex enquiries. DPAS has been providing DPO services since, providing support remotely, to ensure the airport maintains its consistent compliance.

"

Bristol Airport have worked closely with DPAS for several years – they have been instrumental in providing services helping us to deliver transformative projects across our airport, legal support, with an ethical and pragmatic twist.

DATA PROTECTION SPECIALIST

BRISTOL AIRPORT

BOOK A CALL

Benefits

  • Risk mITIGATION

Third-party supplier assessment reviews help identify and mitigate potential security vulnerabilities and risks associated with data sharing. Proactive measures can be taken to safeguard data, reducing the chances of data breaches or unauthorised access. 

  • supplier profiling

Thorough profiling of suppliers enables categorisation based on the level of risk associated with their data processing activities. This allows you to prioritise assessments and allocate resources effectively to address potential risks. 

  • REGULATORY COMPLIANCE

Compliance with data protection laws, such as GDPR, is crucial. Assessment reviews ensure that your suppliers meet the necessary regulatory requirements, protecting your organisation from legal liabilities and reputational damage. 

  • Comprehensive questionnaire

Customised compliance questionnaires cover key areas of data protection practices, security controls, incident response, and employee training. They provide a standardised and systematic approach to evaluate suppliers’ compliance with data protection laws. 

  • enhanced trust

Demonstrating commitment to responsible data management through regular assessments builds trust with customers, partners and stakeholders. It establishes your organisation as reliable and trustworthy, leading to stronger relationships and improved business opportunities. 

  • gap analysis and recommendations

Gap analysis identifies areas where suppliers are not in compliance with data protection laws. Detailed reports and remediation recommendations enable the development of action plans to address gaps and improve suppliers’ data protection practices. 

What's Included?

Supplier Profiling and Risk Categorisation: We start by conducting a thorough review of your suppliers, identifying those who have access to sensitive data or are critical to your operations. We categorise suppliers based on the level of risk associated with their data processing activities.  

Compliance Questionnaire: Our team prepares a comprehensive compliance questionnaire specifically tailored to assess your suppliers’ data protection practices. The questionnaire covers key areas such as data handling procedures, security controls, incident response capabilities, and employee training. We also include questions related to specific data protection regulations that are applicable to your organisation. 

Onsite Assessments and Document Reviews: for high-risk suppliers, we can conduct onsite assessments to verify their compliance with data protection laws. This involves reviewing their policies, procedures, and technical safeguards. We also assess physical security measures, data storage practices, and any relevant certifications or audits they have undergone. 

Gap Analysis and Remediation Recommendations: Based on the assessment findings, we perform a gap analysis to identify any shortcomings or areas where suppliers are not in compliance with data protection laws.

We provide a detailed report outlining the identified gaps and offer recommendations for remediation. Our experts work closely with you and your suppliers to develop an action plan to address the identified gaps and improve their data protection practices.

Ongoing Monitoring and Reviews: Data protection requirements evolve over time, and supplier compliance must be continuously monitored. We offer ongoing monitoring services and periodic reviews to ensure that your suppliers maintain their compliance with data protection laws. This includes regular assessments, updated compliance questionnaires, and follow-up audits as necessary. 

BOOK A CALL

Meet Our Team Of DPO's & CONSULTANTS

Nigel Gooding

founder & Chief Data Protection Officer

Natalie Bennett

Head of Data Protection Consultancy

kristal rocks

DATA PROTECTION CONSULTANT

Lauren Durham- Hutchins

SENIOR DATA PROTECTION CONSULTANT

teresa gudge

DATA PROTECTION CONSULTANT

WE WORK WITH FTSE 100s Multi-National Organisations Schools Universities Councils Local Governments Agencies NHS Trusts GP Practices Retailers Charities Multi-Academy Trusts Housing Associations Ambulance Services Insurance Companies Sporting Associations Airports Retail Companies Hospitality Businesses

BOOK A CALL
"FANTASTIC SERVICE, DELIVERED BY A GREAT TEAM WHICH HAS MADE A HIGHLY COMPLEX PROJECT EASY TO DIGEST"

We decided to use DPAS because we felt they were a good fit for the BOXPARK brand, being a boutique data protection advisory company. Since the commencement of the project, we have received fantastic service delivered by a great team - making a highly complex project easy to digest. They hit every deadline and continue to provide us easy-to-understand data protection advice and support.
Matthew CarterBOXPARK
Matthew Carter
"I WAS EXTREMELY RELIEVED TO FIND THE FRIENDLY TEAM AND EXCELLENT SERVICE AT DPAS"

They went out of their way to support me in a short timeframe, not only to fulfil my data privacy criteria - which included more complex special category data processing - but also with trusted legal support, which - being all under one DPAS roof - was easier to access and significantly more time and cost effective.
Kate Shepperd-CohenMENSTRUAL SUPPORT SERVICE
Kate Shepperd-Cohen
"THOROUGH, EFFICIENT, AND REMARKABLY UNOBTRUSIVE FROM AN OPERATIONS PERSPECTIVE"

We enlisted DPAS to help with our journey to GDPR compliance, as we didn't have the resources and skills within our team. DPAS' approach was thorough, efficient and remarkably unobtrusive from an operations perspective. Post completion of the project, we had a clearer idea of the risks and issues that attend GDPR compliance directly, and could tidy up in-house data processing to ensure we are more efficient as a business.
Giles Squirrel TEIGNMOUTH MARITIME SERVICES
Giles Squirrel
"DPAS REALLY HELPED TO TAKE THE PRESSURE OFF BY HELPING WITH COMPLEX SARS, AND DPIAS"

On top of an already demanding workload, we had a new system integration, a merger to form a new Trust, and the impact of COVID to deal with. DPAS really helped to take the pressure off by assisting with complex SARs, and DPIAs. With no idea how many SARs you may receive, having the ability to flex by using additional resources can be quite useful. Knowing I can rely on Charlotte's support with DPIAs and data sharing agreements really takes the pressure off. It's really helpful having someone that can take the time out to review requests.
Rhiannon PlattROYAL DEVON UNIVERSITY HEALTHCARE
Rhiannon Platt
"LEGAL SUPPORT, WITH AN ETHICAL AND PRAGMATIC TWIST"

Bristol Airport have worked closely with DPAS for several years, and they have been instrumental in providing their services, helping us to deliver transformative projects across our airport.
Kate Maddock-Jones BRISTOL AIRPORT
Kate Maddock-Jones
"EVERY ONE OF THE TEAM IS KNOWLEDGEABLE AND EXTREMELY COMPETENT"

DPAS have been hugely helpful in recent years, in ensuring that SWAST are doing our best and continuing to comply with information governance best practice and compliance. From our experience, every one of the team is knowledgeable and extremely competent. We have benefited from a range of services from DPAS and specifically with them acting as our Data Protection Officer. They have offered training and advice, and added to our Information Governance capacity, which was welcome and much needed.
Tim BishopSWAST
Tim Bishop
"DPAS IMPRESSED US WITH THE BREADTH AND DEPTH OF THE SERVICES THEY OFFERED"

We were looking for an independent review and audit of our data processing activities and policies across the Rhodes Trust and our partner programmes. When we went to the market, DPAS impressed us with the breadth and depth of the services they offered. We are a relatively complex organisation, but the DPAS team quickly understood how our work fits together, and throughout the audit process, I’ve appreciated the expertise of each member of the team that we’ve worked with. Their advice throughout has been reassuringly thorough, pragmatic, and tailored to our needs.
Matthew TreavisRHODES TRUST
Matthew Treavis
"WE ARE VERY HAPPY WITH THE HIGH STANDARDS OF SERVICE RECEIVED "

The University of Exeter Students’ Guild were keen to ensure we were delivering our GDPR commitment on time and on track. We therefore needed a qualified Data Protection Officer to monitor our progress, provide assurance that we were on the road to compliance, and maintain the role going forward. We sourced DPAS as they were local and have 20 years of data protection experience. We are very happy with the high standards of service received, and the training provided was not only delivered professionally, but completely tailored to our business type. I highly recommend Data Privacy Advisory if you have GDPR worries or you are considering having a Data Protection Officer look after your organisation.
Mark JohnsonUNIVERSITY OF EXETER STUDENTS GUILD
Mark Johnson
"A GREAT, RELIABLE SERVICE WHEN WE NEED IT MOST "

DPAS provides us with excellent, responsive advice when we need to supplement our in-house resource – a great, reliable service when we need it most.
Carys JonesRBBC
Carys Jones
"I WOULDN'T HESITATE USING THE TEAM AT DPAS AGAIN "

When faced with a complex Subject Access Request, we went out to the market to look for a provider that had the knowledge and experience to complete the data conversion and redaction on our behalf. We were impressed with the team at DPAS from the offset and entrusted them to deliver the required redacted documents within the legal timeframes. We found the team responsive and also accommodating when we needed tweaks to how the final information was presented – I wouldn’t hesitate using the team at DPAS again.
Tariq OzaibiHead of Supporter Care & Compliance
Tariq Ozaibi
Previous
Next

WHY OUR
CUSTOMERS
CHOOSE US

WHAT MAKES US DIFFERENT

Easy to understand data privacy and information security services that are always accessable, consistenty pragmatic and continually exceeding expectations.

  • expertise and experience

Our team brings extensive expertise and experience in data protection and supplier assessments. With a deep understanding of regulatory requirements and industry best practices, we ensure comprehensive and accurate evaluations of your suppliers’ compliance. 

  • Timely and actionable reporting

We understand the importance of timely reporting to drive effective decision-making. Our assessment reports are clear, concise, and provide actionable insights. They outline identified gaps, prioritise areas for improvement, and offer practical recommendations to enhance your supplier’s compliance. 

  • Tailored approach

We believe in providing customised solutions that align with your specific needs. Our assessment process is tailored to your industry, regulatory environment, and unique requirements. This ensures that our evaluations focus on the areas most critical to your business and data protection goals. 

  • thorough and proactive assessments

We conduct thorough and proactive assessments to identify potential risks and vulnerabilities in your supplier’s data protection practices. Our assessments go beyond surface-level checks, enabling us to uncover hidden risks and provide actionable recommendations for improvement. 

  • ongoing support and monitoring

Our commitnent to your data protection extends beyond the assessment process. We offer ongoing support and monitoring to ensure your suppliers maintain their compliance over time. This includes periodic reviews, updated questionnaires, and assistance with remediation efforts, providing you with peace of mind. 

  • compliance assurance

With our expertise in data protection laws and regulations, we provide assurance that your suppliers meet the necessary compliance standards. Our assessments help you demonstrate due diligence, mitigate legal risks, and enhance your overall compliance posture. 

sign up

Want to receive a copy of our monthly Data Protection newsletter and news from the DPAS team?

Footer logo

Helping organisations access the value of their data, create a vision, embed the change and build the future.

QUICK LINKS

WHAT WE DO

COMPANY POLICIES

contact info

Book Your Call

Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative or definitive statement of the law.

©2024 Gooding&Co Ltd Trading as Data Privacy Advisory Service. ALL RIGHTS RESERVED

Website Development by GSL Media