Processor due diligence checks
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you which guidance will be updated and when this will happen.
You have due diligence checks to guarantee that data processors will implement appropriate technical and organisational measures to meet UK GDPR requirements.
Ways to meet our expectations:
- The procurement process builds in due diligence checks proportionate to the risk of the processing before you agree a contract with a processor.
- The due diligence process includes data security checks, eg site visits, system testing and audit requests.
- The due diligence process includes checks to confirm a potential processor will protect data subjects’ rights.
Can you answer yes to the following questions?
- Are staff aware of what they need to do?
- Is there a clear and effective process?
- Are due diligence checks proportionate to the risks?