FOI request (FOI-66644006)
Requested Thu 25 January 2018
Responded Mon 05 March 2018
1. How would you describe your GDPR preparedness?
a. Already Compliant.
b. On target to be compliant by May 25th, 2018.
c. Project underway but suffering difficulties.
d. Barely Started.
e. Haven't started.
2. Have you identified all your data processing partners?
3. Do you have contracts in place with all your data processing partners?
4. Do you use a third party to provide data erasure or destruction services on your end of life IT infrastructure?
5. If you use a third party, do you have a contract in place with them?
6. How have you assessed "sufficient guarantees" from this company? (Please tick all that apply)
o In writing from them.
o Via Contract Terms.
o Relevant accreditation.
o Independent Assessment / audit.
7. Does this contract include clarification on process for dealing with: (Please tick all that apply)?
o Breach Notification?
o Subject Access Requests
o Changes in processing activities which require a DPIA.
8. If you use a third party what is their name?
9. How regularly do you or an independent third party, audit this company?
b. Every 6 months
c. Every 12 months
d. Irregularly but over 12 months
Q1 - b. On target to be compliant by May 25th, 2018.
Q2 - a. Yes
Q3 - a. Yes
Q4 - a. Yes Hard disks are removed from devices and physically destroyed (shredded) on site.
Q5 - b. No
Q6 - Not applicable - The company never has any personal data.
Q7 - Not applicable - The company never has any personal data.
Q8 - NCR
Q9 - Not applicable - The company never has any personal data.
Freedom of Information