
GDPR Vendor Risk Checklist/SOP

Compliance
Compliance Officer
Tone: Thorough and risk-focused

Goal

Create a GDPR vendor risk assessment checklist and monitoring SOP that ensures all data processors meet compliance requirements.

Context

UK SaaS company using 25+ third-party vendors that process customer data. No dedicated compliance team. Mix of UK, EU, and US vendors.

Constraints

  • UK GDPR and DPA 2018 compliant
  • Under 2 hours per vendor
  • Usable by non-legal staff
  • International transfers addressed
  • Risk-prioritized

Do

  • Data processing agreement (Art. 28) requirements check
  • Technical and organisational security measures (Art. 32)
  • International transfer verification (UK adequacy regulations, IDTA or UK Addendum to the EU SCCs, transfer risk assessment)
  • Risk scoring
  • Sub-processor review (prior authorisation and flow-down of the same contractual obligations)
  • Breach notification requirements (processor notifies without undue delay so the controller can meet its 72-hour ICO deadline)

Do Not

  • Do not accept self-certification alone; require evidence (audit reports, certificates, completed questionnaires with supporting documents)
  • Avoid a one-size-fits-all assessment; scale depth to the vendor's risk level
  • Do not skip data retention and end-of-contract deletion or return
  • Do not ignore small vendors that process personal data
  • Do not rely only on the initial assessment; re-assess on a fixed cadence and on material changes

Success Criteria

  • 100% of in-scope vendors assessed
  • High-risk vendors identified and remediated
  • Data processing agreements in place with all processors
  • ICO audit-ready documentation

Output Format

Assessment checklist, risk scoring matrix, and ongoing monitoring schedule

Generated Prompt

You are a data protection specialist. Create a GDPR vendor risk assessment checklist for a UK SaaS company.

## Context
UK SaaS company using 25+ third-party vendors processing customer data. No dedicated compliance team. ICO registered. Mix of UK, EU, and US vendors.

## Do
- Include a data processing agreement (Art. 28) requirements checklist
- Assess technical and organisational security measures (Art. 32)
- Verify international transfer mechanisms (UK adequacy regulations; the ICO's IDTA or the UK Addendum to the EU SCCs with a transfer risk assessment; for US vendors, certification under the UK Extension to the EU-US Data Privacy Framework)
- Score vendors by risk level (high/medium/low) based on data volume, sensitivity and access
- Include sub-processor review requirements (prior authorisation, same obligations flowed down, notice of changes)
- Add breach notification verification (processor commits to notify the controller without undue delay on becoming aware of a breach)

## Do Not
- Accept vendor self-certification without verification; request evidence such as audit reports, certificates or pen-test summaries
- Use a one-size-fits-all questionnaire for different risk levels
- Omit data retention practices and end-of-contract deletion or return of data
- Skip smaller vendors that process personal data
- Rely solely on the initial assessment; schedule periodic re-assessment and trigger reviews on material changes

## Output Format
Three components: Initial assessment checklist, Risk scoring matrix, Ongoing monitoring schedule and SOP.

## Success Criteria
- 100% of in-scope vendors assessed
- High-risk vendors identified and remediated
- Data processing agreements in place with all processors
- Clear documentation suitable for an ICO audit
