The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Processor compliance reviews

Your organisation reviews data processors’ compliance with their contracts.

Ways to meet our expectations:

  • Contracts include clauses to allow your organisation to conduct audits or checks, to confirm the processor is complying with all contractual terms and conditions.
  • You carry out routine compliance checks, proportionate to the processing risks, to test that processors are complying with contractual agreements.

Can you answer yes to the following questions?

  • Is there any follow-up where you identify non-compliance to contract terms or a Service Level Agreement?
  • Are the checks proportionate to the risks?