The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Processor due diligence checks

You have due diligence checks to guarantee that data processors will implement appropriate technical and organisational measures to meet GDPR requirements.

Ways to meet our expectations:

  • The procurement process builds in due diligence checks proportionate to the risk of the processing before you agree a contract with a processor.
  • The due diligence process includes data security checks, eg site visits, system testing and audit requests.
  • The due diligence process includes checks to confirm a potential processor will protect data subjects’ rights.

Can you answer yes to the following questions?

  • Are staff aware of what they need to do?
  • Is there a clear and effective process?
  • Are due diligence checks proportionate to the risks?