GDPR third party data processing
Are you prepared for a due diligence risk assessment?
If you haven’t done so already, you need to prepare now.
You should by now have received numerous requests from your commercial clients to complete and submit information about every aspect of your business. This forms a significant part of your responsibilities in your journey toward GDPR compliance.
Examples of some due diligence questions you may be asked
“Have you completed a GDPR programme which demonstrates your compliance?”
“Do you have a formal procedure for reporting data leaks and breaches to the ICO within 72 hours?”
“How do you receive the personal data? Describe how personal data enters into and through your company. Include systems used and people involved at all touch points of the personal data flow.”
“When was training last given and are all employees trained on induction and annually?”
“How do you ensure the policy / guidelines are properly implemented?”
“Document and provide copies of all lawful bases for sharing the personal data.”
“Provide the number of suspected personal data security breaches in the last 12 months.”
“Describe your method(s) of suppressing personal data on request.”
“Do you back up the personal data? Where is this stored (include locations of server if applicable)?”
“Describe the way in which the personal data moves through your company (systems, people, paperwork, etc.).”
“Do you have a data protection policy to cover personal data?”