top of page

GDPR Data Processor Questionnaire

If your Suppliers are also Data Processors, you'll need our GDPR Data Processor Responsibilities Questionnaire to help with your GDPR responsibilities.  Ask for a copy, Request a demo or try it Free with Rizikon Assurance for 30 days

Men discussing GDPR Processor Questionnaire

Find out how the GDPR Data Processor Responsibilities Questionnaire may help you protect your business

GDPR Compliance Questionnaire for Supplier Evaluation

A key element of GDPR (brought into effect on the 25th May 2018) is the distinction between processor and controller. If you are a controller, you are not relieved of your obligations under GDPR where a processor is involved, as the regulation places further legal obligations on you to ensure your contracts with processors are compliant. Firms can be fined significantly for breaches under the new regulation. As such, organisations that wish to avoid non-compliant businesses and minimise exposure to high-risk data practices can use this GDPR Data Processor checklist within Rizikon Assurance. This will assist with ensuring compliance with GDPR regulations where data processors are used and operating a wider assurance practice that is efficient and risk-proportional, as well as comprehensive.

How this GDPR Data Processor Questionnaire was developed

This questionnaire has been written based on the information given by the Information Commissioner’s Office guidance notes on GDPR, as they are the sole body responsible for enforcing the legislation. The ICO guide explains the provisions of the GDPR to help organisations comply with its requirements. The relevant sections used have been for those who have a day-to-day responsibility for data protection and are data processors. More information can be found on the ICO website.

GDPR Checklist Questions, sections and scoring

The structure of the GDPR Data Processor Standard Questionnaire consists of an initial section requesting specific confirmation of processing data on behalf of the controller. If the answers suggest that the rest of the questionnaire is no longer applicable, there are no further questions. Affirmative answers yield a further 12 sections, covering necessary topics from data retention, breach notifications, international processing etc. The questions are scored on a tiered basis – answers can be provided that are either scored Minor, Major or Fail, while compliant answers will remain unscored. These scores listed indicate that The Data Processor is potentially not compliant with the GDPR regulation with respect to meeting its obligations. The overall questionnaire score will be inherited from the most severe question score provided, highlighting their point of minimal compliance.


Request a Demo, ask us to send you a copy of the Questionnaire or Try the Questionnaire and Rizikon Assurance

free for 30 days

bottom of page