Companies should assess the data protection practices of third-party vendors, sign robust data protection agreements, and regularly monitor vendor compliance to ensure the security of customer data entrusted to them.