Compliance Screening

Do you maintain a Record of Processing Activities (ROPA) as required by Art. 30 GDPR?*

Have you appointed a Data Protection Officer (DPO) as required by Art. 37 GDPR?*

Describe your procedures for handling Data Subject Access Requests within the 30-day timeframe (Art. 15-22 GDPR).*

Do you have a Data Processing Agreement (DPA) template with Standard Contractual Clauses for third-party processors?*

Which security certifications does your organization hold?*

Do you have documented incident response procedures covering detection, notification, and remediation (ISO 27001 A.16)?*

Describe your logical access control measures, including multi-factor authentication requirements (ISO 27001 A.9).*

Do you have a documented policy statement on human rights and environment (LkSG §6(2))?*

Have you designated a responsible person (Human Rights Officer) to monitor LkSG compliance (LkSG §4(3))?*

Do you operate a complaints mechanism accessible to affected parties for reporting human rights violations (LkSG §8)?*

Describe your risk analysis process for identifying human rights and environmental risks in your supply chain (LkSG §5).

Do you hold an ISO 14001 Environmental Management System certification?

Do you track and report Scope 1, 2, and 3 greenhouse gas emissions?