GDPR third party data processing

Are you prepared for a due diligence risk assessment?
If you haven’t done so already, you need to prepare now.

You should by now have received numerous requests from your commercial clients to complete and submit information about every aspect of your business. This forms a significant part of your responsibilities in your journey toward GDPR compliance.

What are the risks?

Failure to deliver this information in a timely manner could well present a significant commercial risk, plus unwelcome GDPR compliance implications. Do remember to ensure absolute clarity throughout the firm to minimise issues.
You may not be able to complete this process without the co-operation of your own third-party data processing suppliers, so managing your relationship with them is also really important for your GDPR compliance.
It is vital that you consult with all third-party data processing suppliers to confirm their GDPR compliance, by asking all the relevant questions required to satisfy your compliance documentation and also the ICO in the event of a breach.
As accredited GDPR specialists, we can help you with this stage of your compliance journey. Module 10 of our GDPR programme covers all aspects of this complex area within the regulation.

Request a free, no-obligation meeting

Examples of some due diligence questions you may be asked

“Have you completed a GDPR programme which demonstrates your compliance?”
“Do you have a formal procedure for reporting data leaks and breaches to the ICO within 72 hours?”
“How do you receive the personal data? Describe how personal data enters into and through your company. Include systems used and people involved at all touch points of the personal data flow.”
“When was training last given and are all employees trained on induction and annually?”
“How do you ensure the policy / guidelines are properly implemented?”
“Document and provide copies of all lawful bases for sharing the personal data.”
“Provide the number of suspected personal data security breaches in the last 12 months.”
“Describe your method(s) of suppressing personal data on request.”
“Do you back up the personal data? Where is this stored (include locations of server if applicable)?”
“Describe the way in which the personal data moves through your company (systems, people, paperwork etc.).”
“Do you have a data protection policy to cover personal data?”

Needless to say, the GDPR now tests all law firms UK-wide, with no exception, and all need to be prepared and, very importantly, aware of the detail. For more information and a free, no-obligation meeting, contact us.