Automating Vendor Diligence

The project helps in-house legal teams conduct due diligence on a vendor's data privacy processes. The diligence review involves:

• Assessing the data privacy risk level of the vendor
• Determining where our data flows
• Reviewing their DPA clause by clause
• Checking their SCCs for international data transfers

The review involves a few high-level assessments and a review of a vendor's DPA. I created a Claude Cowork to guide and largely automate this process.

1. I designed a Claude Cowork skill through writing out the steps and calibrating it with our policies
2. I then asked it to prompt me to share the DPA for each vendor. Skill created.
3. Now, each time I run the skill, Claude creates a React artifact - essentially a survey template
4. I input the DPA of each vendor into Claude. This auto-populates certain review fields, which I double-check
5. I complete what’s left of the survey as a tick-box exercise.
6. Then Claude creates a Notion page, and my review of the vendor get’s recorded in our database

DPA review including review of SCCs Adequacy review of DPA and Terms of Service React Artifact - interactive survey format Legal review automation