GDPR Privacy and Third Parties
01/31/18 12:03 PM

While contracts can define and structure compliance obligations and service levels, the risks and liability now extend to third parties, which triggers changes in third-party due diligence in every phase of the third-party service provider oversight lifecycle. For companies that rely on external assurance engagements such as Service Organization Controls (SOC) 2, the American Institute of Certified Public Accountants (AICPA) has updated the Trust Services Principles and Criteria for Privacy. Similarly, the Shared Assessments Program, an International Standards Organization (ISO) based set of tools, has updated its standard testing procedures for Privacy.