This is a high-level questionnaire for senior management to assess current levels of compliance and to help identify key areas of vulnerability to be addressed in relation to the EU General Data Protection Regulation ((EU) 2016/679).

It can be used as part of a periodic compliance review and as a tool to demonstrate accountability.

i.e. data breach log, rights request log, processor terms, processor compliance audit, DPIA form, LIA forms
NB. Privacy notice information is essentially as follows: our name and contact details and those of our DPO; the types of personal data we use and the purposes and lawful bases of our processing; where the data came from and whether there is any legal obligation for it to be provided; who we share personal data with and whether it is transferred outside the UK/EU; how long we keep the data for and what rights data subjects have; and details of any automated decision-making or profiling activities.
NB. Records required are as follows: data controller and data processor identity and contact information; categories of personal data processed; details of transfers outside the UK/EU; the existence of safeguards for transfers outside the UK/EU; and details of technical and organisational security measures.
NB. The available legal bases are as follows: legal obligation, contractual necessity, legitimate interest, consent, vital interest and public interest.