How Processors Under GDPR Can Streamline GDPR Compliance Reviews Using a Whistic Profile

June 18, 2018

As you may have read in our last post, we explored the definitions of processors and sub-processors as it relates to GDPR compliance. The focus of the article related to how companies can manage processors and sub-processors (otherwise known as vendors) under new GDPR regulations, including tracking data and integrations, managing questionnaires, storing documentation, and running reports.

However, there’s another side to GDPR compliance which affects the processors and sub-processors who are bombarded by their customers asking them to validate GDPR compliance. While answering risk assessment questionnaires and providing documentation regarding GDPR is completely necessary, it can take hours and hours of time away from critical InfoSec projects.

With Whistic, each processor and sub-processor can build a unique Whistic Security Profile and attach security and compliance documentation, pre-respond to a GDPR processor questionnaire, and get ahead of these types of reviews, allowing them to stay focused on increasing security measures.

But first, what exactly is a Whistic Security Profile? Simply put, it’s a professional security profile that is ready to be examined at any time by prospects, customers, partners, or auditors in order to satisfy their desire to understand your security and compliance posture. InfoSec teams only need to build a security profile once and then enable teams across the organization (such as IT or even sales) to share it repeatedly, instead of exhausting resources answering the same questions over and over again. Processors and sub-processors can use the profile as the first response for every inbound request or choose a more targeted strategy that identifies segments of customers or prospects that are an ideal fit for the profile.

In this post, we’ll take a look at 3 specific ways that processors and sub-processors can benefit from a Whistic Security Profile.

  1. Generate Trust

In today’s age of constant security breaches and never-ending stories of third parties that leaked data or didn’t have the correct protocols in place, trust is monumentally important. And when a processor readily has all of the information available for the requesting customer or prospective customer, it goes to show that they are prepared, have put significant resources into readying their organization for GDPR, and have a strong security posture that they’re not afraid to share details about.

2. Improve Internal Processes

When completed manually, vendor security assessments or questionnaires can quickly become a complete mess. It’s hard to keep track of who is in charge of answering which questions, when each assessment is due, and which questions have yet to be answered. On top of that, ensuring consistency is also difficult. Now, thanks to GDPR, assessment requests to processors and sub-processors have skyrocketed as companies need to ensure complete compliance for all vendors. Whistic’s Security Profile allows teams to complete the profile just once, and then send to requestors over and over. And what if you need to regularly update responses or want to add additional questionnaires to your profile? Whistic allows admins to easily assign questions as well as set a due date, and will automatically remind them to complete the task so nothing slips through the cracks.

3. Eliminate Wasted Resources

InfoSec teams have enough projects on their plates. While GDPR is certainly a key focus, they’re also responsible for many other security aspects. Each time an assessment is received, manual completion takes at least one member off of the team. Not only is effort wasted on completing the same types of assessments over and over, but the processor or sub-processor is paying for that individual to complete questionnaires when they should be focused on other high priority projects.

Ready to Learn More?

Check out our resources below for more third party vendor best practices and insights on how your organization can effectively approach security assessments.

Request a Live Demo with a Whistic Product Specialist


Why Third Party Security is Critically Important

information security cybersecurity vendor risk management gdpr security review

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.