Around the world, new regulations about the collection and usage of personal data are changing workflows for major organizations. Following the passage of legislation like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA), businesses are auditing privacy practices and creating much stricter guidelines when they select partners and vendors.

With tighter regulations about the way consumer data is collected and used, organizations have to increase scrutiny for every party that has access to personal data. The entire system is only as secure as the weakest part, so it’s more important than ever to vet external parties and maintain visibility into their data practices. Here are eight vital steps organizations can take to ensure that vendors aren’t jeopardizing data privacy compliance.

Step 1: Audit Your Existing Data Privacy System

Before you do anything else, examine what’s currently in place to understand the changes that need to be made to maintain compliance with new regulations. You want to avoid reinventing the wheel and make adjustments without slowing down the business or adding risks.

After that self-examination, conduct the same check on your network of vendors. It’s imperative that you have a 360-degree understanding of vendors’ business practices and overall reliability before entering or continuing business relationships.

In highly regulated industries, there are seemingly endless regulatory and compliance requirements and activities, and they often are inseparable from the underlying risk management activities themselves, including those for third parties.

Since the 2008 financial crisis, the U.S. has arguably become the most complex and costly jurisdiction for regulatory compliance. An article published by World Economic Forum on enterprise risk management points out that banks are “less experienced with non-traditional threats such as cyber risk, strategic risk, operational risk, regulatory risk and legal risk. Making matters trickier, these risks aren’t easily quantified.” The authors also note that “the growth in such risks is virtually unprecedented in the history of banking. This puts a premium on firms’ abilities to make connections and to recognize the complex whole is far greater than the sum of its parts.”

The financial services sector leads the pack in terms of the amount of regulation it is subject to, including the compliance challenges, regulations and laws in near and far-flung jurisdictions, as well as the cost and complexity of compliance, risk management and governance practices. This sector is not alone is the endless struggle to balance costs and compliance. Healthcare, oil and gas, and the tech sector are also struggling with the cost and complexity to managing sector-specific risks and compliance.

>>More from Linda Tuck Chapman -- Third Party Risk Management: An Opportunity for Procurement<<

In my last blog, I spoke about ethical sourcing and the many benefits it can have for your company. Seems like a no-brainer, right? When attempting to put in a plan to obliterate unethical practices in your supply chain, it starts to be risky business. The best way to mitigate risk is to set up a solid plan and be diligent about following through with it. 

In my research to find a clear plan to mitigate unethical practices, I found a slew of proposed methods. Unfortunately, I felt that many of them seemed too simple—basically, too easy and too good to be true. I finally came across a solid and thorough plan proposed by Declan Kearney, the founder of 360° Supplier View, who shares tips with companies to ensure ethical sourcing practices in their supply chain.

Do Your Research

Make sure you do your research on your suppliers…and their suppliers. With myriad complex regulations now put in place, go out and learn from case studies and the resources that will act as a survival guide as you attempt to research your vendors and suppliers.

Stay Away from the Fat Cat

Assess whether the higher-ups in your supplier organization are well known or politically aligned. These individuals are more susceptible to bribery or corruption.

Mergers and acquisitions (M&A) trends are growing on a global scale, and the benefits are many. M&A create cost efficiencies through economies of scale and also lead to tax gains. They often increase revenues and can reduce cost of capital. And while the benefits of M&A are significant to businesses, there is often an overlooked factor that can potentially collapse the upsides to these benefits. As M&A continue to trend upward, so does the contingent worker population. According to the Bureau of Labor Statistics (BLS) the total number of flexible workers exceeded 2.6 million in late 2013 with projected growth to continue full steam in the coming years. Contingent labor growth is a direct result of the changing overall workforce landscape, and companies are making considerable investments in their contingent workforces to reduce costs and remain nimble. To that extent it's important to recognize that during a merger between companies, independent contractor (IC) liability is often times overlooked. This "hidden exposure" can be devastating to any company as state and federal agencies are increasing their efforts to uncover unknown ICs and penalize the companies responsible for misclassifying these workers. Individual states are also establishing harsh consequences as IC misclassification continues to be a growing problem, and ICs themselves are becoming empowered with information on how to secure their rights as an independent business. Ultimately the acquiring company inherits the ICs as well as the risk associated with those IC engagements. Because the level of IC validation (if any) with the selling company is unknown, it's critical to include discovery of the IC population as a part of the overall M&A due diligence process.