
How to Manage Third Party Risks for GDPR, CCPA, and Beyond


The “General Data Protection Regulation” (GDPR) went into enforcement in May of 2018, changing the way companies process, store, and transfer data. Just as organizations are getting a handle on this regulation, along come two new data privacy/security laws: the “California Consumer Privacy Act” (CCPA) and the “California – Information Privacy; Connected Devices”. Additionally, the United States Senate is working on GDPR-style legislation for the United States which could be revealed in early 2019. All of this poses new questions and growing risks to be managed.

Topics discussed in the webinar include:

  • What is the current status of GDPR and its global impact?
  • What exactly are the CCPA and the new IoT law that goes into effect on Jan 1, 2020, who is impacted, and how do you become compliant?
  • How does this affect Third Party Risk and Third Party Management?
  • What tools and techniques should you utilize to stay on top of your vendors?


Tom Garrubba
Sr. Director/CISO
Shared Assessments

Tom is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for the Shared Assessments Certified Third Party Risk Professional (CTPRP) program. An active writer and blogger on business risk, he has provided insight and commentary for various industry websites including the Huffington Post, Future of Outsourcing Magazine, Corporate Compliance Insights, Brilliance Security Magazine, Government Health IT, and ISACA. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.