From the European Union’s GDPR to California’s new privacy law, there has been a tidal wave of new data privacy and cybersecurity regulations globally. This surge of new laws requires legal counsel to identify, with great certainty, all the third-party service providers that access, process, or store personal and regulated data on behalf of their companies.

An average of 63 percent of a company’s personal and sensitive data is disclosed to or managed by third parties spanning a wide range of functions, including human resources, law firms, legal service providers, payroll, accounting, marketing, customer services, software development, engineering, and many more.

Any third party with access to your company’s personal, sensitive, or otherwise regulated data represents a risk and is subject to data privacy and cyber security regulations. The stakes have never been higher. You can’t afford to be surprised.

The regulations make it clear that you are responsible for your third parties — all of them. ACC’s Third-Party Compliance Best Practices white paper says effective compliance requires you to know which third parties are relevant to data privacy and cyber security regulations and to assess their data protection practices and compliance routinely and systematically