DPA for tools using employee's data
Hello,
I am using Vanta for ISO 27001 and GDPR compliance. However, when I configured the risk for a vendor with employee's data, a DPA is not asked for. Why?
Thanks for your help.
Best regards,
Comments
1 comment
Hi, Camille Morin! Pardon the delay - I wanted to reach out to our support specialists and make sure to get you the best answer.
Vanta's system determines the need for a Data Processing Agreement (DPA) based on a vendor's specific data-processed attributes. For a DPA to be required, your domain must be enrolled in CCPA or GDPR, and the vendor must have customer data in its data-processed attributes list.
In your case, if the vendor only has employee data and not customer data, the system might not flag a DPA as necessary. However, it's always a good practice to have a DPA with vendors handling any personal data, including employee data.
Let me know if you need any additional information!