Title Page

  • Name of Organization

  • Conducted on

  • Data Controller

  • Location

Lawful basis and transparency

  • Conducted an information audit to determine what information you process and who has access to it

  • Have a legal justification for data processing activities (refer to article 6)

  • Provided clear information about data processing and legal justification in the organization's privacy policy

Data Security

  • Follows the principles of "data protection by design and by default"

  • Implements encryptions such as pseudonymination, anonymation and etc.

  • Created an internal policy for team members that builds awareness on data protection (i.e., knowledge on email security, passwords, two-factor authentication, device encryption, and VPNs)

  • Have a data protection impact assessment scheduled and a process in place to carry it out

  • Have a process in place to notify the authorities and data subjects in the event of a data breach

Accountability and governance

  • Anointed personnel to ensure GDPR compliance across the organization

  • Signed data processing agreements between the organization and third-party services that handle personal data on your behalf

  • Appointed a Data Protection Officer (if necessary)

Privacy rights

  • It's easy for customers to request and receive all the information you have about them

  • It's easy for customers to correct or update inaccurate or incomplete information

  • It's easy for customers to request their personal data to be deleted

  • It's easy for customers to ask you to stop processing their data

Completion

  • Data Controller's Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.