What major challenges do companies face with respect to protecting confidential personal data when outsourcing work to offshore vendors?
I suggest that you read this article https://diceus.com/gdpr-compliance-top-agenda-2018/ . It outlines how organizations can establish and enforce information-security policies that will help them comply with these privacy regulations.
The uncertainty stemming from the lack of consistency in data-protection laws across different jurisdictions in particular can pose challenges to firms outsourcing business to vendors overseas. For example, local vendors in India providing outsourcing services currently are not uniformly subject to any extensive legislative or regulatory data-protection controls, whereas companies in Europe are subject to stricter privacy standards. In the US alone, despite the proliferation of state data protection laws, there currently is no comprehensive federal privacy statute for data protection blanketing all sectors of the economy. As there are no consistent universal standards governing privacy practices, firms outsourcing business to offshore vendors must ensure that they have well-constructed agreements in place or they may be subject to absorbing many of the penalties that arise from privacy breaches, even in cases where the offshore vendor is at fault. Q. Do you anticipate that US officials