In your company, are privacy and data protection requirements in vendor assessments more often seen as blockers or as drivers of business value? How do you balance these perspectives?
Once educated, people usually review vendor assessments as important safeguards for the business; however, that education piece is critical. Ensuring everyone is aware of the importance and why it is needed is key.
Given most vendor assessments I encounter are usually part of a procurement process that leads to signing some sort of contract with a vendor, I find that incorporating the Vendor Assessment criteria into the 'Approved' Business Requirements Document or Statement of Requirements at the beginning of the process ensures all the vendor(s) that respond are evaluated/scored against these criteria as part of the overall process, ensuring value for money and not having to do this as a separate exercise just before (or worse) after a contract has been signed. I apply this approach to any ancillary requirements that typically come up later in a project, such as security, records management, human resources, etc.
So no, I don't see it as a blocker but more as a driver of business value if done early and as part of the process to engage (procure) a vendor rather than something tacked on later.
I observe privacy and data protection is dealt with from a compliance perspective. Otherwise no contract with a US hyperscaler would be possible for European customers.