Analysis of the Impact of the GDPR on Third-Party Risk Management Programs and Related Recommendations for Domestic as Well as International Corporate World

Lucie Andreisová


The General Data Protection Regulation (hereinafter also the “GDPR”) has imposed several new rules on organisations (business companies) to protect EU individuals’ personal data. Organisations that are data controllers or data processors need assurance that their third-party suppliers/vendors as well as sub-contractors comply with the applicable GDPR requirements – in other words, they are now responsible for personal data managed by their third parties. The question remains whether, and how, they are ready to manage this in their business practice. Compliance with the GDPR requirements indicated above comprises a specific methodical approach that should be carefully integrated into existing third-party risk management programs. The success of this integration builds on several crucial considerations. Before weighing those, it is important to understand how the GDPR (Article 28 in particular) places new requirements on suppliers/vendors and affects third-party relationships overall. Considering the above, this paper discusses the specific GDPR requirements enacted to strengthen companies’ third-party risk management processes and includes a set of practical recommendations on how to establish or amend such programs in the corporate world.


Business and Management Studies     ISSN 2374-5916 (Print)     ISSN 2374-5924 (Online)

Copyright © Redfame Publishing Inc.
