Keeping a third party vendor log is important under the GDPR because organisation’s are responsible for ensuring the privacy of personal data they process, regardless of whether the data is processed by the organisation itself or by a third party vendor on its behalf.