In really simple terms, without naming all the articles - what should I be getting from our supplier to check GDPR and subsequently provide to my customers?
I have so far:
- GDPR Compliance Questionnaire
- Supplier Data Processing Agreement signed
- Request their data protection policy?
- Request their data retention policy?
- Request their Breach Response procedure?
Am I on the right path?
Thanks
Expert
Andrei Hanganu
Mar 08, 2018
The “Processor GDPR Compliance Questionnaire” is meant to assess your supplier's level of compliance with the EU GDPR, so you can choose to ask your suppliers that are acting as your processor to fill in the questionnaire, or you can ask your potential supplier to fill it in before deciding to enter into a commercial agreement with them.
You can also ask the supplier to provide some proof of compliance when he answers yes to some questions and the policies and procedures you mentioned can be presented as proof.
The “Supplier Data Processing Agreement” is meant to be an annex to the commercial contract/agreement that you have in place with a supplier acting as your processor. So, it is a legally binding document that should ensure that the supplier will process personal data based on your instructions and in compliance with the EU GDPR requirements.
Mar 07, 2018