Ensure Compliance with our 3rd Party Supplier Review Service

Many organisations increasingly rely on third-party suppliers for various services and support, and it is crucial to assess the compliance of these suppliers with data protection laws. Conducting a Data Protection Impact Assessment before onboarding is only one step in ensuring that your data isn’t at risk. Our third-party supplier assessment review service offers a comprehensive risk analysis and evaluation to help you verify that your suppliers adhere to stringent data protection regulations and protect the privacy and confidentiality of your valuable data.

We know that many departments in large organisations often procure their own suppliers, and sometimes forget to involve procurement, Legal or the Data Protection Officer. This can cause issues further down the line, especially if no due diligence has been carried out prior to onboarding the supplier. 

If you have faced these issues, we can assist by performing a full review of all the suppliers that you are currently using. We can review contracts, assess data processing agreements, and perform supplier assessments to ensure that your data is not at risk.

Client Testimonial

Bristol Airport approached DPAS several years ago, looking for outsourced data protection officer support.

They wanted advice on projects across the airport, and support for the in-house team in responding to complex enquiries. DPAS has been providing DPO services ever since, working remotely to ensure the airport maintains consistent compliance.


Bristol Airport have worked closely with DPAS for several years – they have been instrumental in providing services helping us to deliver transformative projects across our airport, legal support, with an ethical and pragmatic twist.




Third-party supplier assessment reviews help identify and mitigate potential security vulnerabilities and risks associated with data sharing. Proactive measures can be taken to safeguard data, reducing the chances of data breaches or unauthorised access. 

Thorough profiling of suppliers enables categorisation based on the level of risk associated with their data processing activities. This allows you to prioritise assessments and allocate resources effectively to address potential risks. 

Compliance with data protection laws, such as GDPR, is crucial. Assessment reviews ensure that your suppliers meet the necessary regulatory requirements, protecting your organisation from legal liabilities and reputational damage. 

Customised compliance questionnaires cover key areas of data protection practices, security controls, incident response, and employee training. They provide a standardised and systematic approach to evaluate suppliers’ compliance with data protection laws. 

Demonstrating commitment to responsible data management through regular assessments builds trust with customers, partners and stakeholders. It establishes your organisation as reliable and trustworthy, leading to stronger relationships and improved business opportunities. 

Gap analysis identifies areas where suppliers are not in compliance with data protection laws. Detailed reports and remediation recommendations enable the development of action plans to address gaps and improve suppliers’ data protection practices. 

What's Included?

Supplier Profiling and Risk Categorisation: We start by conducting a thorough review of your suppliers, identifying those who have access to sensitive data or are critical to your operations. We categorise suppliers based on the level of risk associated with their data processing activities.  

Compliance Questionnaire: Our team prepares a comprehensive compliance questionnaire specifically tailored to assess your suppliers’ data protection practices. The questionnaire covers key areas such as data handling procedures, security controls, incident response capabilities, and employee training. We also include questions related to specific data protection regulations that are applicable to your organisation. 

Onsite Assessments and Document Reviews: For high-risk suppliers, we can conduct onsite assessments to verify their compliance with data protection laws. This involves reviewing their policies, procedures, and technical safeguards. We also assess physical security measures, data storage practices, and any relevant certifications or audits they have undergone.

Gap Analysis and Remediation Recommendations: Based on the assessment findings, we perform a gap analysis to identify any shortcomings or areas where suppliers are not in compliance with data protection laws. We provide a detailed report outlining the identified gaps and offer recommendations for remediation. Our experts work closely with you and your suppliers to develop an action plan to address the identified gaps and improve their data protection practices.

Ongoing Monitoring and Reviews: Data protection requirements evolve over time, and supplier compliance must be continuously monitored. We offer ongoing monitoring services and periodic reviews to ensure that your suppliers maintain their compliance with data protection laws. This includes regular assessments, updated compliance questionnaires, and follow-up audits as necessary. 

Meet Our Team of DPOs & Consultants

Nigel Gooding

Founder & Chief Data Protection Officer

Natalie Bennett

Head of Data Protection Consultancy

Kristal Rocks

Lauren Durham-Hutchins

Teresa Gudge


We work with: FTSE 100s, Multi-National Organisations, Schools, Universities, Councils, Local Governments, Agencies, NHS Trusts, GP Practices, Retailers, Charities, Multi-Academy Trusts, Housing Associations, Ambulance Services, Insurance Companies, Sporting Associations, Airports, Retail Companies, Hospitality Businesses




Easy-to-understand data privacy and information security services that are always accessible, consistently pragmatic and continually exceeding expectations.

Our team brings extensive expertise and experience in data protection and supplier assessments. With a deep understanding of regulatory requirements and industry best practices, we ensure comprehensive and accurate evaluations of your suppliers’ compliance. 

We understand the importance of timely reporting to drive effective decision-making. Our assessment reports are clear, concise, and provide actionable insights. They outline identified gaps, prioritise areas for improvement, and offer practical recommendations to enhance your supplier’s compliance. 

We believe in providing customised solutions that align with your specific needs. Our assessment process is tailored to your industry, regulatory environment, and unique requirements. This ensures that our evaluations focus on the areas most critical to your business and data protection goals. 

We conduct thorough and proactive assessments to identify potential risks and vulnerabilities in your supplier’s data protection practices. Our assessments go beyond surface-level checks, enabling us to uncover hidden risks and provide actionable recommendations for improvement. 

Our commitment to your data protection extends beyond the assessment process. We offer ongoing support and monitoring to ensure your suppliers maintain their compliance over time. This includes periodic reviews, updated questionnaires, and assistance with remediation efforts, providing you with peace of mind.

With our expertise in data protection laws and regulations, we provide assurance that your suppliers meet the necessary compliance standards. Our assessments help you demonstrate due diligence, mitigate legal risks, and enhance your overall compliance posture.