Privacy Resources for BlackBerry Vendors

Vendors doing business with BlackBerry must engage with the BlackBerry Procurement team and undergo a Vendor Risk Assessment prior to being approved to commence any services.  BlackBerry has provided the below resources to assist potential BlackBerry vendors.

BlackBerry Vendor Security Requirements

The BlackBerry Security Requirements document details specific minimum-security requirements that BlackBerry expects of any third-party supplier, consultant, service provider or Supplier (“Supplier”) processing, storing or transmitting BlackBerry Data.

Click here to download a copy of the BlackBerry Security Requirements.

BlackBerry Vendor Data Processing Agreement (DPA)

BlackBerry Vendors who process personal data while providing goods or services, are required to sign and comply with the BlackBerry Vendor DPA. 

Click here to download an exemplar copy of the BlackBerry Vendor DPA.

When working with BlackBerry Procurement, the following information will be required to complete the BlackBerry Vendor DPA:

• Vendor corporate legal name

• Name, title and email address of authorized signatory

• Information required in Annex I to the EU Standard Contractual Clauses (SCC):

  • Categories of data subjects whose personal data is transferred

  • Categories of personal data transferred

  • Special Categories of personal data (if applicable)

• List of Vendor’s subprocessors as required by Annex III to the EU SCC, including:

  • Legal name of each subprocessor

  • Category of data subject processed by each subprocessor

  • Types of personal data processed by each subprocessor

  • Description/Purpose of processing for each subprocessor