According to the GDPR regulatory website, personal data is defined as: “Any information related to a natural person or ‘data subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address”.

Organizations that outsource data processing to a third party, such as a vendor, contractor, partner or customer, remain responsible for the security of that data. Failure to do so can result in GDPR noncompliance, with penalties that include fines up to 4% of annual global turnover or over $20 million, whichever is greater.

Learn how to identify any gaps in your third-party program that could put you at risk of noncompliance.