
 Which countries do you store personal data in, or transfer personal data to? Is any personal information transferred outside of the UK?
 Do you use appropriate legal mechanisms for all international transfers of personal data?
 Has your organisation been subject to any personal data access requests from governments or other authorities in the last 24 months?
 Does your organisation have a nominated Data Protection Officer (DPO)?
 Does your organisation have an up-to-date Data Protection Policy?
 Does your organisation maintain a record of all personal data collection & processing activities?
 Has your organisation defined and documented the lawful basis of each instance of personal data collection or processing?
  Does your organisation conduct a Data Protection Impact Assessment (DPIA) for all processing that is likely to result in a high risk to individuals?
  Can your organisation facilitate an individual's data privacy rights?
 Does your organisation have a Records Retention Policy?
 Does your organisation have robust detection, investigation and reporting procedures in place for personal data breaches, including maintaining a record of all personal data breaches?
 Does your organisation have a process for notifying the relevant Authority and all relevant parties (e.g. data controllers) when a breach occurs?
 Has your organisation suffered a security incident that led to a personal data breach in the last 6 months?
 Does your organisation process personal data on behalf of another organisation?
 Who owns the data collected via Commonplace?
 Is your organisation registered with the Information Commissioner’s Office for Data Protection purposes?
 Does your organisation have a published cookie policy?
