GDPR and Vendor Risk Management
BitSight's Fischer on Why Contracts Alone Won't Satisfy Compliance
As the GDPR enforcement date edges closer, organizations remain unprepared to comply, says BitSight's Elizabeth Fischer - especially when it comes to vendor risk management. What - beyond contracts - do organizations need?
According to recent studies, as many as 61 percent of global companies are not yet GDPR compliant, says Fischer, who is general counsel at BitSight. "I'd say most companies are pretty much totally unprepared," Fischer says. "And I think that's because it is such a big project, and it can seem really daunting for organizations."
And although many components of GDPR can prove challenging to organizations, "The ones that are most onerous are the ones that relate to third-party vendors," Fischer says.
In an interview about GDPR compliance, Fischer discusses:
- Why organizations remain unprepared for GDPR;
- What is most misunderstood about vendor risk management;
- The value of vendor cybersecurity ratings and continuous monitoring.
Fischer serves as General Counsel at BitSight and is responsible for all legal matters. She joined BitSight from Constant Contact, a leading provider of email marketing SaaS solutions. She was previously a member of the Tech Companies and M&A groups at Goodwin Procter.