Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Processor compliance reviews

Your organisation reviews data processors’ compliance with their contracts.

Ways to meet our expectations:

  • Contracts include clauses to allow your organisation to conduct audits or checks, to confirm the processor is complying with all contractual terms and conditions.
  • You carry out routine compliance checks, proportionate to the processing risks, to test that processors are complying with contractual agreements.

Can you answer yes to the following questions?

  • Is there any follow-up where you identify non-compliance to contract terms or a Service Level Agreement?
  • Are the checks proportionate to the risks?