Audit of a new or existing personal data processor—checklist
Produced in partnership with Sanjana Sura of Bird & Bird and Ruth Boardman of Bird & Bird
This Checklist sets out key considerations a controller should typically take into account when conducting an audit for the purposes of evaluating the suitability of a prospective or existing processor of personal data under the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR).
For further information about controllers’ obligations and engaging processors under the UK GDPR regime, see Practice Notes:
- The UK General Data Protection Regulation (UK GDPR)
- Key definitions under UK data protection law
- Supply chains under data protection law—arrangements between controllers and processors
Audits of processors
Although processors subject to the UK GDPR have their own particular responsibilities under the legislation, controllers remain responsible for the processor’s processing of personal data under their instructions.
Under:
- the accountability principle of the UK GDPR: the controller is responsible for, and must be able to demonstrate compliance with, the data protection principles set out in Article 5(1) of the UK GDPR (which includes the lawfulness, fairness and