You have due diligence checks to guarantee that data processors will implement appropriate technical and organisational measures to meet GDPR requirements.
Ways to meet our expectations:
- The procurement process builds in due diligence checks proportionate to the risk of the processing before you agree a contract with a processor.
- The due diligence process includes data security checks, e.g. site visits, system testing and audit requests.
- The due diligence process includes checks to confirm a potential processor will protect data subjects’ rights.
Can you answer yes to the following questions?
- Are staff aware of what they need to do?
- Is there a clear and effective process?
- Are due diligence checks proportionate to the risks?