RPA-012 — Vendor & Supplier Due Diligence

Processing vendor information for procurement evaluation, contract management, and compliance verification.

Data Details

Data Subjects

Data Volume

200 - 500 vendor records

Data Categories

Processing Type

Collection

Automated Decision-Making

No

Legal Basis

Legitimate Interest

Consent Mechanism

Vendor onboarding forms with data collection notice

Purpose

Evaluating and managing vendors for compliance, financial stability, and business suitability.

Legal Basis Detail

Legitimate business interest in verifying vendor credentials and managing supplier relationships.

Recipients & Transfers

Internal Recipients

External Recipients

Retention & Security

Retention Period

Duration of contract + 7 years

Retention Justification

—

Security Measures

PDPL Compliance Assessment

Update →

D1 Data Subject Rights & Consent

70%

Partial

Most requirements for Data Subject Rights & Consent are addressed. Some gaps identified in documentation or process.

D2 Processing Principles & Lawful Basis

75%

Partial

Most requirements for Processing Principles & Lawful Basis are addressed. Some gaps identified in documentation or proce…

D3 Data Protection & Security

80%

Compliant

All requirements for Data Protection & Security are met. Documentation is complete and up to date.

D4 Organizational Requirements & Governance

78%

Partial

Most requirements for Organizational Requirements & Governance are addressed. Some gaps identified in documentation or p…

D5 Cross-Border Data Transfer

95%

Compliant

All requirements for Cross-Border Data Transfer are met. Documentation is complete and up to date.

D6 Compliance & Accountability

72%

Partial

Most requirements for Compliance & Accountability are addressed. Some gaps identified in documentation or process.

Associated Risks

1

Low Vendor data shared with procurement team without DPA… Accepted