provide onboarding and annual data protection and information security training for their staff. Your vendor should also have a nominated data protection lead (such as a security and compliance officer). And your embedded integration vendor should also provide complete transparency over the use of data through an up-to-date privacy policy. Key certifications 23