Is Effective Third-Party Due Diligence Possible Under GDPR?

The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018, replacing the Data Protection Directive 95/46/EC and imposing new obligations on organizations that process the personal data of EEA residents or data subjects. In this paper, Steele examines whether the new obligations placed on data controllers and data processors will adversely impact a data controller’s ability to conduct effective due diligence on its third-party business partners and to meet its obligations to implement an effective compliance program, particularly as it relates to anti-bribery and anti-corruption (ABAC) compliance.

This paper will address issues of concern, including:

  • Lawful Bases for Processing Personal Data Under GDPR
  • Applications of Lawful Bases to Third-Party Due Diligence Under GDPR
  • Consent and GDPR
  • Compliance with Other Laws
  • Other GDPR Provisions Impacting Third-Party Due Diligence

Download our whitepaper, “Is Effective Third-Party Due Diligence Possible Under GDPR?” to learn more.


Steele is now part of Diligent.
