IT questionnaire – GDP Armour

Welcome!

You have been linked to this page to provide us with an overview of your provision of IT services as they relate to the data activities of our client.

This will kick-start our assessment of their current Data Protection practices, and enable us to build the assets that will ensure full compliance.

Please answer the questions to the best of your knowledge.

Name *

First

Last

Organisation *

Client name *

Contact Telephone *

Email *

Please list the data assets* in the IT systems and storage locations used (please number consecutively, i.e. 1, 2, 3, etc and name the assets as descriptively as possible).

* e.g. of types of data asset include: email systems, databases, electronic file storage locations, web servers & cloud storage. You need only include those that contain personal data (for examples of personal data see below).

Section 1: Please answer the questions in this section with reference to the numbers you have used for the data assets described above.

Please list the categories of personal data* stored (if you know this).

* e.g. names, work addresses, home addresses, telephone numbers, emails, d.o.b., bank details, NI numbers, payroll information, HR records, IT system usage data, IP addresses, CCTV, social media IDs, Pension information, etc.

Please list the locations where the data is physically situated* (or if you do not know, say 'don't know').

* we are primarily interested in the country in which data is located.

Please provide details of all physical security measures* (if you know these).

* e.g. server in locked cabinet, server in locked server room, server in secure remote location, etc

Please say which (if any) are hosted by a third party provider (including yourself if you are an externally retained IT provider).

Please give details of the IT security measures* used to protect the data.

* e.g. encryption (please give type), two factor authentication, system access controls, data access controls, transmission controls, input controls, data backups (please say how often), data segregation, automatic password update, etc

Please provide details of any third party organisation/s with whom personal data is shared, including their names, locations, the nature of the relationships, and the kinds of data transferred.

Section 2: Other infomation

If you are involved with mobile device management, please give details of any security measures used*.

* e.g. remote data deletion capability, BYOD data segregation, mandatory password protection, secure device applications only for work activities, etc

If you are an external IT provider, please cut and paste any data protection and or GDPR compliance terms that are contained within the contract between your organisation and our client below:

Alternatively, please email the relevant clause/s to 'info@gdparmour.co.uk'.