GDPR Vendor Assessment questionnaire
The ‘GDPR Vendor Assessment questionnaire’ is a list of questions that data controllers can present to cloud suppliers (data processors). The questions will help companies ensure that their cloud suppliers will be compliant themselves, and will also process customer data in a compliant way.
29 / 08 / 17
Why this list?
The data controller always remains accountable for the data (e.g. employee data, customer files, patient records) should an event occur, even if it has delegated data handling and related tasks to a supplier.
In the regulation, Recital 81 and Article 24(1) specify that the controller may only appoint a processor/Cloud Service Provider (CSP) when it can be proven that the processor/CSP has the needed: