Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

A step-by-step guide to mapping Vendors

Keep track of your organisation's personal data and documentation by mapping your Systems and Vendors – here’s a guide to adding Vendors.

Publish date: March 28th 2025

Mapping your vendors

Once you've added your Systems and what types of personal data they process, you're ready to fill in the Vendor details.

A Vendor is typically a provider of a System or service. And will often processes personal data records on behalf of the business, as per a data processing agreement (DPA).

1. Start by heading to System & Vendor Management and then selecting Vendors on the left

A step-by-step guide to mapping Vendors ENG - Dashboard

A step-by-step guide to mapping Vendors ENG - Vendors navigation

From here you can see all the vendors currently mapped. Alongside the information mapped to each vendor.

By mapping your systems and vendors you build a strong base for building your Records of Processing Activities.

2. To add a new vendor, choose "Add vendor"  in the top right
A step-by-step guide to mapping Vendors ENG - Vendors page

 

Make sure to read out article on What is a vendor in Wired Relations.

3. Type in the name of the Vendor and remember to 'Save'.

If you wish to add more Vendors, press “Save & create new”.

It can be a good idea to add the corporate suffix (inc. LLC etc.) as often times a vendor is called the same as the software it provides.

A step-by-step guide to mapping Vendors ENG - Name the vendor

 

4. Open up a vendor to reach the detail page
From the detail page you can access add and edit information on each vendor.

A step-by-step guide to mapping Vendors ENG - Vendor detail page

Each vendor contains a lot of options. Below you can find a description of what it all refers to.

Remember that most of the default options in these menus can be edited from the settings.
Or by adding options as you answer each question.

 

Base information

Status
Register whether this system has been fully mappe (Done) or underway (In progress) or still empty (Not started).

This is tracked on the dashboard as the percentage of systems that are Done.

Company (Only visible if you have group structure activated)
Register which companies, in a group, make use of this system in this way.

Responsible
Who internally is Owner of the system, and who is Responsible for the system.

Addition system fields

It's possible to add 2 additional fields to the vendor page. These are off by default, however can be added by your Customer Success Manager, or our support (support@wiredrelations.com)

Vendor type
What type of vendor are we mapping? A data processor, a joint controller, a consultant, a software vendor?

Criticality
How critical is this vendor for business operations.

Data processing

A step-by-step guide to mapping Vendors ENG - Data processing

These three questions help you map out your data processors, and track how far you are in collecting all required Data Processing Agreements (DPA's)

Is the vendor a data processor
Map whether this vendor is one of your data processors, if they are then additional questions appear.

Does a data processing agreement exist?
Since they're a data processor there should be a DPA in place. If not one needs to be made with the vendor.

Is the data processing agreement compliant?
Many DPA's were created shortly after the GDPR was implemented, which led to many of them being insufficient or even not being a DPA at all.
Make sure to check that the DPA you have, is compliant with modern practice.

Read more about requirements for a DPA

 

Description page

On this page you get the most relevant overview of information of the vendor.

Description
A short description of the vendor and it's purpose.

Labels
Use this function to label the system in different customised ways. See our article on labels best practice.

Audit type
What type fo audit will you be conducting with this vendor?
Check with your local data protection authority for guidance on what is considered a sufficient audit for different types of data processors.

Connected systems
See which systems are provided by this vendor.
 

Risk assessments
From here you can see which risk assessments have been completed about this vendor, their conclusions, and you can create a new risk assessment.

Contacts

Log the contact information for different people at the vendor. Most importantly you should log the contact information you need to use when you want to audit the vendor.

Locations

Register the locations, data transfers, and sub-vendors of this vendor.

This information should be available in the DPA.

A step-by-step guide to mapping Vendors ENG - Locations

Locations
Most important are the locations outside of the EU or EEA. As these are considered third countries and require a legal basis for transfer.

Subprocessors (or sub-vendors)
Register the chain of sub-processors or sub-vendors generally.
These can be filtered from the overview which will can prove to be a major time saver in cases of breaches or other issues with specific sub-vendors.

Attachments

Attach any relevant documentation, so you can access all information from the same place. This could be a DPA, Price agreement, etc.

Remember that an attachment can also be a link to an external source or system.
 

Tasks

See all tasks currently connected to this vendor, and create new tasks. For more details see our Walkthrough of Tasks

Questionnaires

Use our questionnaires function to send questionnaires to vendors as part of an audit or initial evaluation of a vendor.
See our article on vendor questionnaires.
 

Conclusion

Once you've mapped most of your vendors you can start mapping your processing activities.