Post by Belgian Cyber Security Coalition

🔐 From “GDPR ready” to real risk: what does Third Party Risk Management look like in practice?

At our latest Privacy Focus Group session, we explored one of today’s most pressing challenges:
👉 how to translate Third Party Risk Management (TPRM) from framework to reality.

Through a very practical case discussion, it quickly became clear that TPRM is not just about compliance — it sits at the heart of business continuity, operational resilience, and trust.

💡 A few key takeaways from the discussion:

🔷 Speed vs. control is a constant tension
Business needs to move forward quickly, while privacy, security and legal functions must ensure risks are properly assessed. There is no perfect balance — only continuous alignment.

🔷 “GDPR ready” is not an assessment
Vendor claims must always be challenged and validated. Questionnaires alone are not enough — testing and real interaction matter.

🔷 A “pilot” does not mean low risk
If real data is involved, the risk is real. Temporary setups still require proper assessment.

🔷 Vendor dependency builds silently
What starts as a solution can quickly become a strategic dependency.
➡️ Exit strategies should be considered from day one.

🔷 Not all vendors require the same effort
A risk-based, tiered approach is essential to keep TPRM manageable and efficient.

🔷 Digital sovereignty is no longer theoretical
It is becoming an increasingly relevant factor when assessing third-party risk, especially in complex supply chains and AI-driven solutions.

What made this session particularly valuable was the open exchange of real-life challenges and approaches, showing that while frameworks exist, pragmatism remains key.

🙏 A big thank you to Florence Steenackers (Approach Cyber) for the moderation, Dinu Codreanu and Stella Tsatsaki (KPMG Belgium), Joanna HARDING (Ypto), and Nathan Vanhelleputte Barcelona (Bnode) for their insightful contributions and thorough preparation of the workshop. Their input and the practical case sparked a lively and highly relevant discussion.

Looking forward to continuing these exchanges in the next sessions!

#CyberSecurity #Privacy #TPRM #ThirdPartyRisk #DataProtection #DigitalSovereignty #CyberResilience