You have been linked to this page to provide us with an overview of your organisation’s data activities (as part of our due diligence). This will kick-start our assessment of your current Data Protection compliance, and enable us to build the assets that will make your organisation GDPR compliant.
Please answer the questions to the best of your knowledge, but don’t worry if you can’t answer accurately or need advice and assistance to do so; we can deal with any snagging issues later.
Privacy Notice Some of the data we collect as part of this questionnaire will constitute personal data and as such falls under the General Data Protection Regulation. For the purposes of this fact-finding process, the data we collect is controlled by GDP Armour (the Data Controller). We will only process this information for the purpose of completing our audit process and to provide advice to our Clients on the categories of data they hold, the purposes for the data being collected, how data flows through their organisation, which categories of employees or workers have access and how data is stored and kept secure. These purposes are justified under Article 6(1, f) of the GDPR: they are necessary for our legitimate interests, namely that we produce a comprehensive study of data flows in the course of advising our clients. The data we collect as part of this form will be stored and processed only for as long as it takes to produce a report for our client, which we call an Information Asset Register. No part of this report contains personal information. Data is stored with our secure cloud hosts, FastHosts.co.uk on secure servers in Europe, and Dropbox.com in Europe and the US. We also store data on company IT systems which are encrypted and password protected. If the purpose for processing any part of this data changes we will notify you in writing. Under the GDPR data subjects are entitled to certain rights, including the right to erasure, objection, rectification, restriction and to access the data we hold about you. We will not interfere with these rights unless we have a legal basis for doing so. All subject access requests should be directed to our chief data officer, David Charity, at firstname.lastname@example.org, and will be completed within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office – please visit www.ico.gov for more information.