How is your company tracking whether 3rd party APIs used by your production code to exchange data with vendors, providers, and partners through connectors are: (1) Exchanging the agreed upon data as defined in the Data Protection Agreements (DPA), Standard Contractual Clauses (SCC)? (2) Validating geographical data residency and transfer guidelines with the 3rd parties that have been agreed upon?

We are not able to do this in real time as of now9%

We do quarterly manual reviews or yearly interviews with the 3rd parties33%

We depend on the 3rd parties to let us know out of band if they feel they have violated the DPA, SCC28%

We have a dedicated personnel that monitors these data transfers using homegrown tools11%

We use outbound firewalls, CDNS, load balancers, API gateways - to get some visibility into these issues, but don't have a complete workflow in place9%

We have built homegrown custom solutions to address this4%

We use commercial services to answer if there is a difference between expected DPA, SCC behavior and reality in terms of data being sent to 3rd parties2%