Processor compliance reviews
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Processor compliance reviews
Your organisation reviews data processors’ compliance with their contracts.
Ways to meet our expectations:
- Contracts include clauses to allow your organisation to conduct audits or checks, to confirm the processor is complying with all contractual terms and conditions.
- You carry out routine compliance checks, proportionate to the processing risks, to test that processors are complying with contractual agreements.
Can you answer yes to the following questions?
- Is there any follow-up where you identify non-compliance to contract terms or a Service Level Agreement?
- Are the checks proportionate to the risks?