ShowMe-TellMe · Third Party & Privacy Risk Appraisal

ShowMe-TellMe

“If you can’t show it, you can’t prove it.”

A structured appraisal platform that reveals the true state of your third party relationships and privacy risk posture — with AI-powered scoring, actionable insight, and evidence you can stand behind.


The cost of not knowing is greater than the cost of finding out.

Organisations that lack visibility into their third party relationships and privacy risk exposure face escalating regulatory, operational and reputational consequences. Your risk doesn’t stop at your own front door — and neither does your accountability.

£17.5M: maximum UK ICO fine under UK GDPR for serious data breaches
72 hours: mandatory window to report a data breach to the regulator
56% of data breaches originate from or involve a third party vendor or supplier
60% of SMEs that suffer a significant breach close within 6 months
Regulatory Risk
UK GDPR holds you accountable for how your processors and sub-processors handle personal data — regardless of what a contract says. Gaps in vendor due diligence, DPIA coverage, or Article 28 compliance leave you directly exposed to ICO investigation and enforcement.

Third Party Risk
Every supplier, contractor, or SaaS platform with access to your data or systems is an extension of your risk surface. Without structured oversight — onboarding, contractual controls, ongoing review — you cannot evidence due diligence, only claim it.

Reputational Risk
A breach originating from a third party is still your breach in the eyes of regulators, clients, and the public. In regulated sectors, the reputational damage from a supplier-linked privacy failure frequently outlasts the financial penalty.

From exposure to evidence in three clear steps.

01 Assess
Work through a structured set of data points across privacy and third party risk categories. Answer honestly — the platform is designed to surface reality, not reward optimism.

02 Score
Each answer is evaluated by AI against the SMTM rubric, returning a score of 0–3 with detailed gap analysis, recommended actions and a quick win for immediate progress.

03 Act
Receive a full appraisal summary — heatmap, executive report and prioritised recommendations — giving leadership the visibility to make informed, evidenced decisions on third party and privacy risk.

Eight domains. Third party and privacy risk, fully covered.

ShowMe-TellMe evaluates your organisation across eight core pillars of third party and privacy risk — giving you a complete, evidenced picture of where you stand and where your exposure lies.

Third Party Governance
Vendor onboarding, due diligence, contractual controls, ongoing oversight, sub-processor management and exit provisions.

Data Management & Privacy
Data lifecycle, subject rights, retention, deletion, cross-border transfers, AI and inference — mapped to your legal basis and privacy obligations.

Infrastructure & Access Control
Patch management, third party system access, user devices, data isolation and storage security across your supply chain.

Physical & Environmental Security
Facilities access, server controls, information destruction and external privacy controls — including those operated by suppliers on your behalf.

Incident & Breach Management
Alerting, incident response, breach notification obligations, third party incident protocols and regulatory reporting under UK GDPR Article 33.

Policy & Contractual Framework
Core policy documentation, Article 28 processor agreements, data sharing agreements, DPIAs and evidence of implementation.

Privacy Engineering & Secure Development
Privacy by Design, secure development lifecycle, threat modelling, third party integration standards and developer competence.

Privacy Architecture & Technical Governance
API and integration privacy controls, data minimisation at interface level, authentication and protection against third party API abuse.

Your risk doesn’t stop at your door.

Every supplier, contractor and partner with access to your data or systems is an extension of your risk profile. Under UK GDPR, you remain accountable for how third parties process personal data on your behalf — regardless of what a contract says, and regardless of where in your supply chain a failure occurs.

ShowMe-TellMe places third party risk at the centre of your appraisal — covering onboarding, oversight, contractual controls, sub-processor chains and ongoing review — so you can evidence due diligence, not just assert it.


Built for organisations that need more than a vendor questionnaire.

AI-Powered Scoring
Every answer is evaluated by AI against a structured rubric — delivering consistent, objective scoring with detailed improvement guidance.

Visual Clarity
Heatmaps, band ratings and completion percentages give leadership an instant view of risk across every category and goal.

Evidenced Reports
Generate a full executive summary — structured, professional and PDF-ready — suitable for board reporting, regulatory review or client assurance.

Secure by Design
Role-based access, encrypted API keys, audit logging and session controls ensure your appraisal data is protected at every layer.

The black art of data privacy: dark patterns in permissions.

Organisations — and their suppliers — routinely use design and language to obscure, manipulate or obstruct meaningful consent. These aren’t edge cases. They are systemic, frequently unlawful, and directly relevant to your risk posture. Click any pattern to understand the mechanism, the regulatory exposure, and what good looks like.

Consent manipulation
Pre-ticked boxes: opt-out disguised as opt-in
Consent bundling: unrelated purposes tied together
Cookie walls: pay or consent ultimatum
Confirm-shaming: “No thanks, I hate deals”

Architecture tricks
Purpose creep: data reused beyond stated scope
Default-on: sharing on unless you find the off
Silent consent: continued use = agreement
Daisy-chaining: consent passed through vendors

Friction by design
Roach motel: easy in, hard out
Labyrinth settings: buried 6 menus deep
Fake LIA: legitimate interest as a shield
Deletion friction: obstacles to erasure requests

Obfuscation
Notice fatigue: policies no one can read
Vague categories: “Improve your experience”
Privacy theatre: compliant form, empty substance
Retroactive drift: policy updated, data already used


Ready to see where you stand?

Whether you’re looking to run your first appraisal, assess your third party risk exposure, or discuss how ShowMe-TellMe can support your privacy compliance programme — we’d love to hear from you.

Quick Response
We aim to respond to all enquiries within one business day.

Confidential
Your enquiry is treated in confidence. We don’t share your details with third parties.

No Obligation
We’re happy to answer questions and discuss your needs without any pressure or commitment.