VendorWatch: a faster and more efficient way to audit, compare, and monitor your data processors
Go beyond self-reported credentials and written assurances with trusted risk signals and legal/technical reviews
We have updated the VendorWatch service and finally opened it to the public. It is also connected to the wider TODO.LAW ecosystem, and you will hear more about it in the coming weeks.
What it does
VendorWatch is a faster and more efficient way to audit and better understand a company’s current and future data processors and the manner in which they expose it to potential vulnerabilities. Together with vendor-provided credentials and self-reported safeguards (via ad hoc or standardized forms), VendorWatch monitors risk signals through multi-source feeds and streamlines manual reviews by accredited professionals.
How it helps buyers (data controllers)
VendorWatch saves internal teams valuable time during the vetting or onboarding process for new suppliers, which typically entails a thorough analysis of vendor-provided documentation together with a due diligence effort to identify potential areas of risk or security vulnerabilities. Additionally, it surfaces hidden risks resulting from cross-vendor data flows and joint controllership scenarios.
How it helps vendors (data processors)
For their part, SaaS vendors can go far beyond the maintenance of a basic trust center (a commodity at this point), together with the most relevant security certifications (equally commonplace) by claiming their own profile and taking ownership of their live feed, acting on risk signals and further enriching their credentials beyond the obvious criteria that most parties have delegated to AI-driven automation.
Advanced features. Human-in-the-loop.
Data Protection Officers, Chief Privacy Officers, or Compliance professionals may need much more than search features, risk signals, or “vendor portfolio” views.
At a time when most GRC tools or “trust centers” handle scale through AI-powered automation (thus commoditizing the value of accreditations), human intervention is essential for a company’s accountability efforts.
Masters of Privacy Premium subscribers can request tool comparisons, manual audits (legal/technical), and ad-hoc reviews of various pieces of documentation like Data Processing Agreements, privacy policies, and contractual instruments underpinning international data transfers.
These can involve practicing attorneys with data privacy credentials in the relevant jurisdictions, or accredited privacy engineers. While a limited range of pre-defined tasks is bundled within this subscription, controllers and processors alike can engage the professionals in our network to do further work or undertake more complex engagements.
How do I access it?
Start by signing up to VendorWatch with the same email address that you are using in your Masters of Privacy subscription. This will ensure that you can access a few premium features at no cost. Please try it out and share your feedback!


