Many organisations have contracts in place with third parties for the supply of goods and services. Some of these contracts may rely on processing personal data of employees, for instance, the outsourcing of PAYE.
If this is the case, these contractors, as data processors, will need to comply with the GDPR and clauses relating to data protection considerations must be written into any contract between them and you.
The requirement is to create a register of all third party suppliers, agencies that obtain and receive data, and their compliance regime. Issue a compliance form asking them to demonstrate how they will comply with the law. A questionnaire is also very useful.
For more information on how our third party compliance service can help you, please get in touch by calling us 03333 22 1011 or click here to make an appointment without obligation or cost to learn more.