Data Protection Supplier Questionnaire - Company

Name of Organisation*
Completed by*
Date Questionnaire Completed*
What personal data do you process on Company’s behalf? (This could include data of Company’s clients)*
(UK-only) Are you registered with ICO? If yes, please provide registration number. (US-only) Are you certified under US-EU Privacy Shield? If yes, please provide registration number.*
Do you have a Data Protection Officer? If not, who is the person responsible for data protection of personal data processed by your organisation?*
Do you have a data protection policy in place? When was the last time this was reviewed? How regularly is this reviewed?*
Do you process any personal data (internally or externally) on Company’s behalf outside the EEA (this could include Company’s client data)?*
Are any of your personal data processing activities carried out by third parties (sub-processors)? List them and describe the processes, location of the provider and the data accessed by the processor.*
How is the personal data stored? If using 3rd party services to store data please list detailing where and how data is stored.*
How is archived personal data stored? If using 3rd party services to store data please list detailing where and how data is stored.*
Please describe the security procedures in place to keep all personal data processed on behalf of Company secure.*
How would you deal with possible security breaches where the security of personal data on behalf of Company (or Company ‘s clients) has been compromised?*
What measures are in place to protect personal data during storage and transfer?*
How do you ensure that personal data is not retained longer than instructed?*
Will you store any personal data processed on behalf of Company once the contract with Company has come to an end?*
How are you able to support Company on dealing with subject access requests?*
Are you able to delete all personal data of a specific individual upon request?*
Are you able to delete personal data based on a retention schedule?*
Do employees in your organisation receive training on data protection and other relevant law? Please describe briefly the nature of training given and when takes place.*
What personal data sources do you use in the data research process?*
Knowing that personal data you provide is to be used for direct marketing purposes, how do you ensure that only data that can be legally marketed to is provided?*
If you provide personal data with consent for direct marketing, how is the consent collected? What audit trail are you able to provide for consent records?*

Tel:	(852) 2219 0111
Mail:	1201-1203, 12/F Siu On Centre, 188 Lockhart Road, Wanchai, Hong Kong

Tel:	+44 (0) 208 004 3888
Mail:	3^rd Floor 70 Gracechurch Street London EC3V 0XL

Tel:	+61 (03) 9021 2031
Mail:	Suite 1, Level 2 51-65 Clarke St Southbank Vic 3006

Hong Kong Office

London Office

Melbourne Office