GDPR – Is your supply chain the weak link?

GDPR – Is your supply chain the weak link?

Our research shows that typically, claims functions are on top of what’s happening in house and are  taking steps to ensure everything runs smoothly come May.

They are also being reassured by supply chain partners that compliance is progressing, but as many suppliers will be processing personal data (and possibly involving sub contractors), claims functions need more than just reassurance.

Gaining Assurance

The kind of questions our clients want answers to include:

  • Do you know how your suppliers process their waste paper?
  • Do they store your customer data in their own systems along with other client data?
  • Who has access to it?
  • Do they have suppliers of their own who they share data with?
  • Do your contracts need revising to ensure GDPR compliance?

The market message is consistent – along with resource pressures, it is uncertainty around the compliance of the supplier’s supplier that is the big concern.

SX3’s Solution

In response to the demands of the market, SX3 has combined its claims and compliance expertise to  develop a service that assesses claims department suppliers as to how ready they are for the new  GDPR requirements.

Our assessment programmes look at the core requirements of GDPR in terms of how they would apply to claims suppliers (whether as Processors or Controllers), and which have been attuned to the nature of the service performed by the supplier.

Importantly, we will look beyond the first tier of suppliers, to see how they have validated those who they subcontract to.


Our comprehensive assurance programme combines consultants who understand how supply chains work in practice with the capability to audit your suppliers’ performance against each and every GDPR Article, giving you the confidence you need to know your interests and those of your customers are fully protected.