1. Ask an ITAD
  2. Regulatory Compliance

How can we transfer data protection regulatory liabilities to a vendor?

There is no legal mechanism for transferring data protection regulatory liabilities to a vendor.

You can contract your disposal and data destruction vendors to be financially responsible for items such as the cost of a breach notification or legal fees associated with a result of a non-conformity.

The data controller or covered entity (owner of data) has an unavoidable responsibility to applicable regulatory compliance.

A vendor that claims to indemnify a client of such responsibilities is incorrect either purposefully to simplify a transaction with a client, or as a result of an incomplete understanding of data protection regulations and compliance.

Can't find what you're looking for?Ask us here and we will be in touch within one business day.