Questions
List all companies and 3rd parties that store your data.
Have you carried out due diligence on your third-party suppliers?
- No
- Yes
- Not Applicable
Are your third-party suppliers GDPR compliant?
- No
- Yes
- Not Applicable
Resources
Download: Data_Processing_Agreement_Template
Download: Data_Processing_Clauses_Template
Are your third-party suppliers able to stand behind the warranties and indemnities contained in your contracts?
- No
- Yes
- Not Applicable
Do your contracts request that third party suppliers comply with GDPR including putting in place appropriate technical and organisational measures?
- No
- Yes
- Not Applicable
Are you relying on third parties to obtain consents where you may be processing data?
- No
- Yes
- Not Applicable
Do your contracts state that the consents have been obtained in accordance with GDPR?
- No
- Yes
- Not Applicable
Do you have contracts with them?
- No
- Yes
- Not Applicable
Recommended Actions
Consider what third parties process data on your behalf.
- Completed
- Not Applicable
- In Progress
Consider what third parties may have access to your personal data – icloud storage companies.
- Completed
- Not Applicable
- In Progress
All organisations need to enter into contracts with third party data processors.
- Completed
- Not Applicable
- In Progress
Establish a culture of monitoring, reviewing and assessing your data processing procedures, aiming to minimise data processing and retention of data, and building in safeguards.
- Completed
- Not Applicable
- In Progress
Do you undertake and record prior diligence of service providers.
- Completed
- Not Applicable
- In Progress
Data controllers may only appoint data processors which provide sufficient guarantees to implement appropriate technical and organisational measures to ensure processing meets the requirements of the GDPR. Processors are required to process personal data in accordance with the controllers instructions.
- Completed
- Not Applicable
- In Progress