There is no legal mechanism for transferring data protection regulatory liabilities to a vendor.
You can contract your disposal and data destruction vendors to be financially responsible for items such as the cost of a breach notification or legal fees associated with a result of a non-conformity.
The data controller or covered entity (owner of data) has an unavoidable responsibility to applicable regulatory compliance.
A vendor that claims to indemnify a client of such responsibilities is incorrect either purposefully to simplify a transaction with a client, or as a result of an incomplete understanding of data protection regulations and compliance.
Can't find what you're looking for?Ask us here and we will be in touch within one business day.