CHAPTER FOURTEEN

Third-Party Risk

Yeah, risk is good.

– Dade Murphy, Hackers

Data breaches via vendors and third parties are a significant risk to businesses, even start-ups. The convenience and reliability of software-as-a-service (SaaS) products for running your business are appealing and valuable. You must be aware of what data and, in some cases, what access to your data and systems you give to third parties. You may even be working with a start-up just like yours, reading this same book.

Outside counsel should always be consulted before signing any terms and conditions, both to make sure the third party is implementing the appropriate level of protection around your data or access to your data, and to make sure you fully understand what data you will be giving that vendor. Regulations like the General Data Protection Regulation (GDPR) require you to maintain a data map of your vendors and what personally identifiable information (PII) each of them holds. However, your company should be concerned about both PII and your proprietary data.

While there are companies that can help assess the risk of a third-party vendor or build GDPR-compliant data maps, even a simple spreadsheet is enough to get you started. Keeping a list of your vendors and the data each one holds will go a long way as you scale and expand your start-up.

TERMS AND CONDITIONS

Just as we reviewed terms from customers in Chapter 9, you must also review the terms and conditions of your vendors to ensure they ...
