Upload File

gdpr outsourcing partner compliance checklist · 2019. 7. 18. · gdpr outsourcing partner...

  • Home
  • Documents
  • GDPR Outsourcing Partner Compliance Checklist · 2019. 7. 18. · GDPR Outsourcing Partner Compliance Checklist If your business works with clients in the UK or Europe and you outsource
1
GDPR Outsourcing Partner Compliance Checklist If your business works with clients in the UK or Europe and you outsource you need to make sure your partner is GDPR compliant. This checklist will help you determine if you’re at risk and how compliant your offshore partner is. 1. Have they been audited and cerfied by an external body? Anyone can claim to be GDPR compliant but to actually be compliant, their systems and processes need to pass through stringent auding by an independent cerficaon body. By being BS 100012 cerfied by a standards body such as the Brish Standards Instuon (BSI) it demonstrates that the offshore partner can manage risks to personal informaon. Cerfying to BS 10012 Personal Informaon Management means your offshore partner upholds the ideologies of the GDPR and provides reassurance that personal data is managed in line with best pracces. A compliant offshore partner will establish a Personal Informaon Management System (PIMS) so that personal data is managed in line with GDPR best pracces. Your outsourcing partner needs to establish, implement, maintain and connually improve the PIMS. 2. Do they have a qualified and cerfied data protecon officer? DPOs assist in monitoring internal compliance, inform and advise on data protecon obligaons, provide advice regarding Data Protecon Impact Assessments (DPIAs) and operate as a point of contact for data subjects and the supervisory authority. A compliant outsourcing partner will have a DPO that’s cerfied by a body such as the Internaonal Board for IT Governance Qualificaons (IBITGQ). The ICO provides a good outline of what a DPO should be. 3. Is their staff trained on technicalies of the GDPR? Being compliant to GDPR is definitely an organisaonal responsibility, however, it’s just as important that the offshore staff are well-versed with the main principles of informaon privacy in reference to GDPR. Make sure that your outsourcing partner is taking all the steps required to impart GDPR-related knowledge to their staff at all levels. This means they have regular and in-depth training in addion to being audited by an independent standards body. 4. Do they have a registered office in the EU? An outsourcing company is a data processor and if they are based in a country like India and process personal data of EU residents, they have to designate a representave in the EU. The representave must be registered with a Data Protecon Authority (DPA). 5. Is the informaon security framework audited and cerfied by an external body? Arcle 32 of the General Data Protecon Regulaon states that “the controller and the processor shall implement appropriate technical and organisaonal measures to ensure a level of security appropriate to the risk.” A GDPR compliant outsourcing firm will put in place security management systems such as ISO 9001 and 27001. Geng cerfied to the UK Government’s Cyber Essenals scheme is also another method for establishing data security. YES NO YES NO YES NO YES NO YES NO If you have any specific quesons regarding the GDPR and outsourcing compliance you can ask our Expert DPO, Amit Simon.

Upload: others

Post on 23-Aug-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: GDPR Outsourcing Partner Compliance Checklist · 2019. 7. 18. · GDPR Outsourcing Partner Compliance Checklist If your business works with clients in the UK or Europe and you outsource

GDPR Outsourcing Partner Compliance Checklist

If your business works with clients in the UK or Europe and you outsource you need to make sure your partner is GDPR compliant.

This checklist will help you determine if you’re at risk and how compliant your offshore partner is.

1. Havetheybeenauditedandcertifiedbyanexternalbody? Anyone can claim to be GDPR compliant but to actually be compliant, their systems and processes need to pass through

stringent auditing by an independent certification body. By being BS 100012 certified by a standards body such as the British Standards Institution (BSI) it demonstrates that the offshore partner can manage risks to personal information.

Certifying to BS 10012 Personal Information Management means your offshore partner upholds the ideologies of the GDPR and provides reassurance that personal data is managed in line with best practices. A compliant offshore partner will establish a Personal Information Management System (PIMS) so that personal data is managed in line with GDPR best practices. Your outsourcing partner needs to establish, implement, maintain and continually improve the PIMS.

2. Dotheyhaveaqualifiedandcertifieddataprotectionofficer? DPOs assist in monitoring internal compliance, inform and advise on data protection obligations, provide advice

regarding Data Protection Impact Assessments (DPIAs) and operate as a point of contact for data subjects and the supervisory authority.

A compliant outsourcing partner will have a DPO that’s certified by a body such as the International Board for IT Governance Qualifications (IBITGQ). The ICO provides a good outline of what a DPO should be.

3. IstheirstafftrainedontechnicalitiesoftheGDPR? Being compliant to GDPR is definitely an organisational responsibility, however, it’s just as important that the offshore

staff are well-versed with the main principles of information privacy in reference to GDPR.

Make sure that your outsourcing partner is taking all the steps required to impart GDPR-related knowledge to their staff at all levels. This means they have regular and in-depth training in addition to being audited by an independent standards body.

4. DotheyhavearegisteredofficeintheEU? An outsourcing company is a data processor and if they are based in a country like India and process personal data of

EU residents, they have to designate a representative in the EU. The representative must be registered with a Data Protection Authority (DPA).

5. Istheinformationsecurityframeworkauditedandcertifiedbyanexternalbody? Article 32 of the General Data Protection Regulation states that “the controller and the processor shall implement

appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”

A GDPR compliant outsourcing firm will put in place security management systems such as ISO 9001 and 27001. Getting certified to the UK Government’s Cyber Essentials scheme is also another method for establishing data security.

YES NO

YES NO

YES NO

YES NO

YES NO

If you have any specific questions regarding the GDPR and outsourcing compliance you can ask our Expert DPO, Amit Simon.

https://www.bsigroup.com/en-GB/
https://www.ibitgq.org/
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/
https://www.cyberessentials.ncsc.gov.uk/

ESSENTIAL GDPR COMPLIANCE - Acumenologyacumenology.co.uk/.../12/ESSENTIAL-GDPR-COMPLIANCE.pdf · 02 Essential GDPR Compliance Roadmap 03 Step-by-step guide to GDPR compliance 04 Maintaining

Considerations for Data Protection When Outsourcing Core ......GDPR guidelines has been to avoid outsourcing data processing services for applications handling personal data to a non-EU

The Complete GDPR Checklist

PREPARING FOR AN OUTSOURCING AGREEMENT …austintechnologylaw.ca/ALdocs/Renegotiations Checklist... · 2011. 10. 10. · PREPARING FOR AN OUTSOURCING AGREEMENT RENEGOTIATION – A

INSIDE - SGCOGeneral Data Protection Regulation (GDPR) compliance for outsourcing function. (Private & Confidential) We have a specialized team ... Banking, Financial, Services & Insurance

Drive Demand. Generate Revenue. Change Lives. Insourcing VS. … · Outsourcing Implementation Checklist ... marketing, lead generation, marketing automation, and telemarketing in

GDPR Compliance Checklist - IACS

LMS Group - GDPR Checklist 03€¦ · IT Support Cloud Managed IT Services Telephony Cyber Security Connectivity IT Consultancy Your Business Name: GDPR Checklist

GDPR AND OUTSOURCING - BUSTING THE MYTHS · out by stating that GDPR was not about making money from large fines. The GDPR endeavours to put the data subject back in control when

SYMPHONY’S GDPR COMPLIANCE STRATEGYs GDPR Compliance Strategy.pdfSYMPHONY’S ROLE UNDER THE GDPR The GDPR distinguishes two roles that organisations can play: controllers and processors

GDPR - VaronisEU GDPR Lesson 1 4 What is the GDPR? Why do we Need it? EU GDPR Lesson 2 8 Data Protection by Design and by Default EU GDPR Lesson 3 10 The Right to Be Forgotten EU GDPR

OUTSTANDING OUTSOURCING - Checklist

How does the General Data Protection Regulation (GDPR) affect … does GDPR affect your business.pdf · • GDPR is intended toharmonize data protection lawacross the EU • GDPR

GDPR an Introduction - Community Works · 2017. 11. 15. · GDPR an Introduction Are You ready? GDPR monetary penalties. GDPR an Introduction Are You ready? Paul Hamill - Assurance

THE CONTRACT MANUFACTURING CHECKLIST...THE CONTRACT MANUFACTURING CHECKLIST: YOUR GUIDE TO OUTSOURCING MACHINERY AND MORE. ... optimize a design before the Contract Manufacturer takes

gdpr: Demanding New Privacy Rights And Obligations · 4 GDPR: demanding new privacy rights and obligations GDPR highlights GDPR impacts Organizations will have only 72 hours to report

GDPR: What’s going on? - necsia.esa-Necsia-GDPR-360... · (ISO27001, GDPR, PCI-DSS) GESTIÓN DE RIESGOS Y DE TERCEROS ... Curso básico GDPR ... concienciación en GDPR

BVMS - GDPR

GDPR digest - tmaclub.com · ARE YOU GDPR READY? {More than a MORTGAGE CLUB} GDPR digest

5 Points to Check Off Your Outsourcing ... - CBE Companies · 2. Are your CSAT/NPS scores decreasing? 3. Org Charts Matter Outsourcing Checklist For the largest BPOs, organizational

BRITISH MODEL FLYING ASSOCIATION General Data Protection (GDPR…btckstorage.blob.core.windows.net/site11032/GDPR/BMFA... · 2018-05-11 · 5 GDPR 2018 V1.1 12 Steps to GDPR Compliance

Roadmap to the GDPR - Brexit Analysis OUtsourcing Processors - Presentation

5 Points to Check Off Your Outsourcing Checklist

LDF GDPR Toolkit - v4 clean - 29.11.17s337370368.websitehome.co.uk/wordpress/wp-content/... · Web viewAppendix 6 – DPIA Assessment Checklist. Appendix . 2 – Sample . Personal

Roadmap to the GDPR - The Extraterritorial Reach of the GDPR

GDPR AND OUTSOURCING - BUSTING THE MYTHS · that data processing activities will be handled in a compliant manner. As a result, there are benefits to outsourcing in regards to GDPR,

Accountability under the GDPR: How to Implement, Demonstrate … · 2019-11-07 · evidence of due diligence in business processes (outsourcing, IT services etc) Enable cross-border

Article GDPR and CCTV in taxiscommittee.worcester.gov.uk/documents/s42568/GDPR and CCTV... · 2018. 9. 4. · GDPR and CCTV in taxis Article GDPR has many implications for local authorities

GDPR Compliance

GDPR Executive Workshop by - Home - EU GDPR Institute · growth in the Mauritian ICT/business process outsourcing sector, •Facilitate the transfer of personal data from EU-based

MySQL + GDPR

Call Center Outsourcing Top 10 Checklist

GDPR & GDPR - Confindustria Ravenna - Alessandro Rani

An Email Marketer's Checklist for GDPR-readiness · 2018-05-25 · email marketing. Go ahead and check your GDPR readiness! Contact us: Zoho Corporation 4141 Hacienda Drive Pleasanton,

Evaluating Softwtare Development Firms OUTSOURCING CHECKLIST · Evaluating Software Development Firms: Outsourcing Checklist © 2019 2 The questions below will give you a good idea