While complying with data privacy laws can be multi-faceted, time-consuming, and even expensive, the alternative is far less desirable. As data privacy executives pointed out, a methodical approach to data privacy compliance is essential. This new strategy involves getting to know vendors from various angles (their data privacy programs, their technology, their geographical location) and having sophisticated systems that enable procurement executives to mitigate risks.
Not all vendors need the same level of risk assessment resources, so risk tiering should be the first step in building flexibility into your program. Our interviewees repeatedly suggested involving input from different stakeholders to reach sound risk mitigation decisions.