Practical solutions for managing third-party risk
A major challenge facing organisations of every size and in every industry is gaining an understanding of the full extent of their third-party partner relationships and the risks that go hand in hand with them.
Larger entities, with potentially thousands of third-party partners, often do not have a clear understanding of their extended enterprise, or the extent of their third-party relationships, and their associated risks.
So says Russell Opland, data protection officer at a local law firm, who will be presenting on ‘The importance of thorough due diligence in the protection of customer data’ at ITWeb Governance, Risk & Compliance 2021, to be held as a virtual event on 11 February.
Many organisations have second or third-party partners that are unknown to them, but whose actions could still have an impact on the company and its reputation. And third parties are often situated in other countries with different regulations, practices, and standards, another factor which makes having clear oversight of them and their business practices a headache.
Almost every business is dependent on other businesses for services. Opland says these third parties fall under a number of categories, such as service providers, vendors, or suppliers. “In privacy-speak, they’re known as operators under POPIA and processors under GDPR.”
According to Opland, a very significant area of risk for businesses relates to their third parties: simply because a business has chosen to outsource some aspect of its operations, typically IT, it does not mean that it has outsourced the risk associated with privacy and security breaches.
Business leaders need to determine how and where third parties and their activities could potentially expose the enterprise.
During his session, Opland will cover the relationships between businesses and their service providers, the requirements of POPIA when outsourcing, as well as offer practical solutions for managing this third-party risk.