Compliance & Risk Management: the importance of third-party assessment
In this third edition of the Compliance & Risk Management Newsletter, professionals of Andersen’s 231/Privacy Service Line have explored the topic of third-party assessment in order to highlight the increasing importance for companies of adopting appropriate measures to mitigate risks related to the supply chain, thereby improving their governance.
Compliance under the spotlight: the 231-system tested in the luxury sector
The recent judicial administrations involving brands such as Loro Piana, Valentino Bags Lab, Armani Operations, and Manufactures Dior have highlighted a common weakness: the lack of control over third parties and subcontractors across the supply chain. In a sector where production is often outsourced, due diligence on suppliers has become one of the main pillars of 231 liability.
Legislative Decree 231/2001 requires a preventive approach capable of identifying and managing risks of labor exploitation, irregular work, or unethical practices, even among business partners. A merely formal compliance model is not enough: companies must implement systems of assessment, monitoring, and traceability involving every player in the value chain.
How to make the privacy notice more understandable to third parties
In the field of data protection, the Data Controller has to inform data subjects about the purposes and methods of processing their personal data. The GDPR itself also states that the privacy notice must be clear, easily accessible, and written in simple and understandable language. However, in most cases, it is a long, technical and difficult-to-understand document. To improve its communicative effectiveness, it is therefore essential to adopt measures and strategies that facilitate its reading and comprehension.
In particular, it is important to avoid technicalities and complex legal formulas, while, on the visual side, it is essential to organise the information into thematic sections, with clear titles and bullet points. Moreover, the use of infographics, icons and diagrams typical of legal design can greatly facilitate the reading and understanding of the document.
This makes it possible to strengthen user trust and promote a more data protection-aware culture.
Risk in the supply chain: the importance of Third Party Risk Assessment
Managing risk within the supply chain has become one of the most critical areas of corporate compliance, as misconduct by suppliers, subcontractors, or consultants can result in serious legal, reputational, and financial consequences.
The Third Party Risk Assessment is the key tool to prevent such risks: it enables organizations to evaluate the integrity, soundness, and compliance of external entities both before and during the business relationship.
On the operational level, this translates into the adoption of standardised due diligence questionnaires and software that enable the creation of an effective supply chain monitoring system, thereby strengthening resilience.
- Read the newsletter in Italian (PDF, 191.83 KB)
- Read the newsletter (PDF, 190.24 KB)