Third-Party Privacy Due Diligence & DPA Clauses
N.B. Reference any customer evidence available (e.g., named case studies, anonymized results) under [ProofAssets] to strengthen credibility. Keep hooks compliant and non-promissory.
📄 Prompt Template
Assess [VendorName] providing [ServiceDescription] that processes [DataTypes] for [CompanyName]. Evaluate privacy and security posture, recommend DPA clauses, and determine onboarding risk.
Output format:
Scorecard (Markdown table) with dimensions: Data Scope, Subprocessors, Transfers, TOMs, Certifications, Incident History, DSAR Support, Deletion/Return, Audit Rights scored 1–5.
Clause recommendations mapped to risks (bulleted), including SLAs such as [SLA].
Final risk rating (Low/Med/High) with required conditions before go-live.
Ongoing monitoring plan for [Timeframe].
Reference [Regulation] and industry standards where relevant.