GDPR DDQ Now Available for Assessing Vendors' GDPR Compliance

March 27, 2018

ACA Aponix is pleased to announce our new GDPR-specific due diligence questionnaire (DDQ), which is designed to determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. This brief DDQ can be administered as a standalone questionnaire at a reduced rate, and it is now included by default in the standard ACA Aponix vendor DDQ.

If you are a data controller under GDPR, you are required to assess whether your vendors are GDPR-compliant data processors. Vendors that must comply with GDPR are not limited to those commonly known to process sensitive data, such as fund administrators, CRM solutions, outsourced payroll providers, and benefits providers. Many other vendors not typically considered to be a risk to your firm now come into scope under GDPR and may qualify as a data processor (e.g., event organizers).

GDPR goes into effect on May 25.

GDPR Resources

The following ACA resources are available to help your firm navigate the complexities of GDPR:

For More Information

For more information about how ACA Aponix can help your firm or your vendors prepare for the GDPR compliance deadline, please contact us at or contact your regular ACA consultant.