GDPR Implementation (935_18)
Under the terms of the freedom of information act can I respectfully request information in regard to your preparation and understanding of GDPR compliance.
Questions for GDPR FOI 2018
How would you describe your GDPR preparedness?
- Already Compliant.
- On target to be compliant by May 25th, 2018.
- Project underway but suffering difficulties.
- Barely Started.
- Haven¿t started.
Have you identified all your data processing partners?
Do you have contracts in place with all your data processing partners?
Do you use a third party to provide data erasure or destruction services on your end of life IT infrastructure?
If you use a third party, do you have a contract in place with them?
How have you assessed “sufficient guarantees” from this company? (Please tick all that apply)
- In writing from them.
- Via Contract Terms.
- Relevant accreditation.
- Independent Assessment / audit.
Does this contract include clarification on process for dealing with: (Please tick all that apply)?
- Breach Notification?
- Subject Access Requests
- Changes in processing activities which require a DPIA.
8. If you use a third party what is their name?
9.How regularly do you or an independent third party, audit this company?
- Every 6 months
- Every 12 months
- Irregularly but over 12 months
Please find attached our response.