How do I track which sub-processors our SaaS vendors use?
Sub-processors change more often than customers think. A workable system: you subscribe to notification emails, you keep a central list per vendor, and you reconcile that list half-yearly against your GDPR record to spot drift.
Try this first
- 1Subscribe per vendor to the sub-processor update email, often via trust.vendor.com or a separate preference page.
- 2Keep one spreadsheet or Notion page per vendor with: current sub-processors, location, last-update date.
- 3Set a half-yearly reminder to reconcile your GDPR record with this list, otherwise the record quietly drifts.
- 4On major changes (e.g. new US-cloud sub-processor): assess fit with risk appetite and notify privacy officer or DPO.
When to bring us in
If you have many vendors and no time to track manually, we can set up a light tooling approach.
See also
- New hire has an account but cannot reach Outlook or TeamsAn M365 account without a license is an empty shell. Assigning takes a few clicks, but picking the right plan pays off long-term.
- Employee left, but their email must be retainedPulling the license straight away starts a 30-day timer on the mailbox. The right route keeps access to the mail without paying for the license.
- We pay for licenses nobody usesBetween leavers, duplicate plans, and test accounts there is often 10-20% wasted license spend. A usage report exposes it fast.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.