Expert Series Podcast - Session 2 - A Deeper Dive into GDPR & Why Organizations Need To Be Thinking about Third Party Risk

Session 2 of 3 (approx. 15 minutes)

I had the great pleasure to speak with Simon McDougall, GDPR expert and Managing Director at Promontory Financial about GDPR & Why Organizations Need To Be Thinking About Third Party Risk. Simon shared insights around GDPR best practices, possible blind-spots, and approaches for Board members, C-suite and middle-management.

The new General Data Protection Regulation (GDPR) - which comes into force in May 2018 - may at first blush seem like “just another EU regulation”. However, organizations - and specifically third party risk management teams within them - would take a “tick-box” approach to compliance at their peril.

In this session, Simon and I discussed:

  1. In relation to GDPR and Third Parties, what are some unexpected use-case that firms have not been considering? 
  2. Are intra-company or international back-office processors areas that firms need to focus on?
  3. How do controllers ensure their processors are actually complying with GDPR process? What are your recommendations? 
  4. Do you see any independent audit standards coming for GDPR?  
  5. Which functions are you seeing managing the GDPR compliance process and how do you get stakeholders to collaborate?
  6. Does GDPR present organizations with an opportunity for competitive advantage?
  7. What are some potential best-practices or pitfalls around how companies can leveraging technology to be compliant for GDPR?

Also enjoy podcast sessions 1 and 3, links available below.


Aravo Podcast - Simon McDougall.jpg

Managing Director, Promontory Financial, London

Simon McDougall is a Managing Director in Promontory’s London office, and leads Promontory’s global privacy and data protection practice. He is a Chartered Accountant and until 2010, led Deloitte’s UK Privacy & Data Protection and Payments Regulation teams. He specializes in privacy and data protection, information governance and regulatory investigations.

Simon has led engagements with some of the world’s largest financial institutions, technology firms, retailers and life sciences firms. He has developed rationalized privacy risk management models, built enterprise-wide privacy programs and managed in-depth data protection audits. He spent six months seconded as the Head of Privacy and Records Management for the retail half of a large international bank.

Simon serves on the IAPP Board of Directors and the IAPP European Advisory Board. He has previously served on the UK Data Protection Forum executive, the BSI Data Protection Editorial Board, the DataGuidance Panel of Experts, the President of the Law Society’s Surveillance Working Group, and a range of other consultative and advisory groups. He was the co-author of a paper to the Leveson Inquiry, addressing privacy and press regulation.


For more information about how Aravo can help improve your Third Party Risk Management programs, please contact us.


Related Content:

Expert Series Podcast - Session 1 - GDPR & Why Organizations Need To Be Thinking About Third Party Risk

Expert Series Podcast - Session 3 - Looking toward the future with GDPR & Third Party Risk – with consideration to privacy regulations in other countries

Executive Overview - The New GDPR: Taking A Strategic Approach To An Internationally-Focused Data Protection Rule

Infographic - EU GDPR & Third Party Risk - 5 Steps You Can Take Today

Blog Post - The EU GDPR & Third Party Risk: Why Global 2000 Companies Should Be Focused on Third Party Compliance

Executive Download - Third Party Risk Management in the Dynamic of Business Scale, Complexity, and Change 

Analyst Podcast - Session 1 - How to Develop a Third Party Management Strategy

Analyst Podcast - Session 3 - How to Develop a Third Party Management IT Architecture 

OCC Update Briefing 2017-7 - The OCC's Supplemental Examinations Procedures for Third Party Relationships Raising the Bar for Banks' Third Party Risk Management

Request A Demo of Aravo Third Party Risk Management Solutions



Topics: third party risk management, Data Security & Privacy, GDPR, General Data Protection Regulation, cybersecurity, data privacy, corporate regulation