Ensure contracts with third parties include relevant privacy and information security requirements

When selecting potential vendors/processors, conduct an in-depth assessment of the third party’s ability to perform the required activities in compliance with data protection laws and best practices. The third party’s privacy and security posture are assessed to ensure it is capable of adhering to the organization’s data privacy policy and information security policy (this could be through an audit conducted by the organization or a third party assurance report).

Source :