A Supplier Related Incident
The GDPR will force a step-change in the way organisations manage their third-party suppliers and partners. In fact, under the new regulation, data processors such as cloud service providers are equally liable for breaches along with the data controller. The supply chains of modern organisations are in reality complex networks of inter-dependencies which many will find difficult to map and secure.
That’s why we are likely to see a major incident stemming from a supplier issue — most likely a supplier in a so-called “third country” outside the EU where local data protection laws are less rigorous. Ensuring your contractors, suppliers and processors have the same policies, procedures and security controls in place is crucial to keeping the GDPR regulators happy.