Versions Compared

Version Old Version 15 New Version 16
Changes made by

Roxy Sanchez

Roxy Sanchez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleHas your organisation defined and documented the lawful basis of each instance of personal data collection or processing?

Has your organisation defined and documented the lawful basis of each instance of personal data collection or processing?

Yes, see our privacy policy: https://www.commonplace.is/privacy-policy

More information: https://commonplace.atlassian.net/l/cp/aZNL5wpE

Expand
title Does your organisation conduct a Data Protection Impact Assessment (DPIA) for all processing that is likely to result in a high risk to individuals?

Does your organisation conduct a Data Protection Impact Assessment (DPIA) for all processing that is likely to result in a high risk to individuals?

As part of ISO27001 certified ISMS we have a documented Change Management Policy that incorporates information security and data protection elements including DPIAs, including the appointment of new suppliers. A standardised template record is used for operational changes. The development of the Commonplace platform is managed through the development lifecycle.

XXXXX

...