Annual GDPR Compliance Assessment
In progress
Progress
Documents
2/3 uploaded
Questions
3/6 answered
Review & Send
Pending
Step 1: Document Requirements (2/3)
Data Processing Agreement (DPA)
Signed DPA with Standard Contractual Clauses
ISO 27001 Certificate
Valid ISO 27001:2022 certification
Privacy Policy
Current privacy policy document
Step 2: Questions (3/6)
Do you maintain a Record of Processing Activities (ROPA) as required by Art. 30 GDPR?
What is your legal basis for processing personal data for each category of processing (Art. 6 GDPR)?
We process personal data under the following legal bases: (1) Contract performance (Art. 6(1)(b)) for customer service delivery, (2) Legitimate interest (Art. 6(1)(f)) for analytics with opt-out mechanisms, (3) Consent (Art. 6(1)(a)) for marketing communications...
Do you conduct Data Protection Impact Assessments (DPIAs) for high-risk processing as required by Art. 35 GDPR?
Yes, we conduct DPIAs for all processing operations that are likely to result in high risk to data subjects. Our DPIA process follows the ICO guidelines and includes assessment of necessity, proportionality, and risk mitigation measures...
How do you fulfill Data Subject Access Requests (DSARs) within the 30-day timeframe (Art. 12-22 GDPR)?
What mechanisms do you use for international data transfers outside the EU/EEA (Chapter V GDPR)?
Consider adding: We also implement supplementary measures including encryption in transit and at rest, pseudonymization where possible, and contractual commitments from sub-processors...
Do you have an appointed Data Protection Officer as required by Art. 37 GDPR?