
Friday, 14 September 2018 16:02

Rethinking Third-Party Risk Management (TPRM) In The GDPR Regime

Building an Effective TPRM Framework

The GDPR imposes new rules on organizations to protect EU individuals’ personal data. Banks are responsible for EU personal data managed by their third parties, but are they ready to manage their third-party risk and comply with the GDPR? This article discusses GDPR requirements to strengthen banks’ third-party risk management.

General Data Protection Regulation (GDPR) Overview

The GDPR is a European law that acts as the primary regulation on how companies protect European Union (EU) citizens’ personal data. This law became effective on May 25, 2018 and extends the data rights of individuals, requiring organizations to do more to protect citizens’ data, whether held by them or by their third parties, by taking the following steps:

  • Developing privacy policies and procedures to protect personal data
  • Adopting appropriate technical and organizational safeguards to protect the individual’s right to privacy