Opus uses GDPR to help companies respond to May 2018 regulatory deadline

Opus, the leading provider of global compliance and risk management solutions, today announced the launch of its new Third Party GDPR Compliance solution, developed specifically to identify and manage General Data Protection Regulation (GDPR) risk in third-party relationships.

The European Union’s General Data Protection Regulation, which comes into force on May 25, 2018, is a significant overhaul of data protection laws that impacts all companies that process the personal data of EU citizens. Among other requirements, organisations that are subject to the GDPR must clearly document their data processing activities and have procedures in place to promptly detect and notify regulators, and any affected individuals, if they experience a data breach. This means that organisations need to know which third parties have access to personal data, and understand their third parties’ information security procedures, to properly respond to GDPR.

“It’s a tremendous challenge to identify where all the personal data held by a company is, and whom it is shared with,” said Richard Saville, Solutions Consultant at Opus. “However, with GDPR around the corner, regulated companies are more at risk than ever from their third-party relationships. In a recent Opus and Ponemon Institute survey, 56 percent of respondents confirmed that their organisations experienced a data breach caused by a vendor. And only 35 percent of respondents have a complete inventory of third parties with whom they have shared sensitive information. Our solution simplifies the challenge of identifying an organisation’s exposure to GDPR risk through third parties, helping to manage this risk efficiently and effectively.”

Opus’ Third Party GDPR Compliance solution was developed based on published regulatory guidance from the UK’s Information Commissioner’s Office, and allows organisations to identify third parties that expose them to risk, providing a robust framework to manage this risk. This includes the ability to:

  • Identify the third parties with whom you share personal data
  • Scope the appropriate controls for each third party based on the data shared
  • Send relevant questionnaires to each third party to assess whether they meet these controls
  • Automatically map responses back to specific controls
  • Assess and document the effectiveness of a third party’s controls
  • Recommend and track remediation where a control is not met
