Due Diligence - Data Processing Agreement

Please indicate which additional IT measures are in place to keep the data supplied to you safe.
Please indicate which additional physical measures are in place to keep the data supplied to you safe.
The processor will not give access to people claiming to be WISF employees unless verified by the WISF in writing.
When considering the data life cycle, are you clear where the greatest risks are, and do you mitigate against these risk points?
When the service you are supplying comes to an end, please confirm that you will delete and destroy all virtual or physical files, whether held on your site or remotely, and that you will confirm to the school by email that this has been done.

Data Breach Management

Do you have a data breach policy?
Have you ever had a data breach, either as a processor or a controller?
Do you have a plan for engaging a service company in response to a cyber incident? (e.g. criminal hack, data fraud, virus)


Data Transfer & Compliance

Will personal data be transferred outside of the UK? (Please note that the EU-US Privacy Shield is no longer valid.)
Are any sub-processors used? (Sub-processors are processors used by you on your behalf to process our data.)
Do you keep and maintain a record of processing activities under Article 30 of the UK GDPR?
Do you have an experienced Data Protection Officer?
What procedures are in place to promptly forward on any requests from law enforcement or other agencies (e.g. local authority)?
Do you conduct Data Protection Audits?
Do you have any relevant certifications, accreditations or standards (such as ISO 27001 or another relevant standard)?