Reference 2018-48

REF:       2018-48    

Subject:   GDPR compliance    

          

 

Request:

  1. How would you describe your GDPR preparedness?
  • Already Compliant.
  • On target to be compliant by May 25th, 2018.
  • Project underway but suffering difficulties.
  • Barely Started.
  • Haven’t started.

2. Have you identified all your data processing partners?

  • Yes
  • No
  • Unsure

3. Do you have contracts in place with all your data processing partners?

  • Yes
  • No
  • Unsure

4. Do you use a third party to provide data erasure or destruction services on your end of life IT infrastructure?

  • Yes
  • No
  • Unsure

5. If you use a third party, do you have a contract in place with them?

  • Yes
  • No
  • Unsure

6. How have you assessed “sufficient guarantees” from this company? (Please tick all that apply)

  • In writing from them.
  • Via Contract Terms.
  • Relevant accreditation.
  • Independent Assessment/audit.

7. Does this contract include clarification on process for dealing with: (Please tick all that apply)?

  • Breach Notification?
  • Subject Access Requests
  • Changes in processing activities which require a DPIA

8. If you use a third party what is their name?

9. How regularly do you or an independent third party, audit this company?

  • Never
  • Every 6 months
  • Every 12 months
  • Irregularly but over 12 months
  • Unsure

 

 

Response:

Please find information attached.

2018-48 – FOI Request – GDPR compliance [127 kb] PDF