4 Steps to Manage Third-Party Risks in Data Protection

2022-10-25

The modern business world is increasingly interconnected as vast amounts of personal data, and access to this data, are shared with third parties for business efficiency. 

Although this makes many business processes easier and cost-efficient, it also increases the risks arising from the involvement of third parties. For instance, Fullerton Health suffered a data breach as a result of a hack of their vendor's server in October 2021.

Despite good intentions to provide useful products and services, data breaches can happen to any organisation, in any industry, as long as they collect, use and share any form of personal data. Hence, knowing how to do the necessary due diligence in appointing and managing a third-party vendor is vital for your organisation’s data protection posture.

A recent victim of a third-party data breach was Singtel, which had a third-party file-sharing system hacked in December 2020. The telco called the incident a “sophisticated cyberattack which included exploiting a previously unknown vulnerability.”

Another example of a third-party data breach took place in Malaysia, where an e-wallet service provider, Kiplepay, suffered a data breach involving its payment gateway vendor in Aug 2022. The company called the case a “recent potential third-party data breach incident” and investigations are ongoing.

To effectively manage third-party vendor risk and performance, it is imperative to have the necessary knowledge and expertise in this area. Key personnel in organisations can get hands-on experience with third-party management through a simulated due diligence exercise in our course here.

Common mistakes when dealing with third parties

Most organisations make the following mistakes when trying to procure a credible third-party vendor for outsourced services. These mistakes can cost the company money and time and, in some cases, lead to reputational damage and loss of revenue due to a breach.

Some errors made include:

  • A sole focus on price when choosing suppliers
  • Qualifying suppliers based on previous relationships
