GDPR supplier information required
Data Protection (consider what information needs to be captured in Atamis)
Is personal data transferred? If Yes we require the following information: Subject matter of the processing
Description | Details |
---|---|
Subject matter of the processing | Short description of what the processing is about |
Type of personal data | State all types of personal data that apply Examples include: name, address, date of birth, NI number, telephone number, pay, images, personal email address, name and last 4 digits of credit card number, etc |
Any special categories | State all special categories that apply Examples include: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, etc |
Categories of data subject | State all categories of data subject that apply Examples include: Staff (including volunteers, agents, and temporary workers), customers / clients, suppliers, patients, students / pupils, members of the public, users of a website, etc |
Nature and purposes of the processing | The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether by automated means or not), etc. The purpose might include, by way of examples only: employment processing, statutory obligation, recruitment assessment, etc |
Duration of the processing | Set out the duration of the processing including dates |
Plan for return or destruction of the data once the processing is complete | Describe how long the data will be retained for and how it be returned or destroyed (unless requirement under union or member state law to preserve that type of data) |
Do you have a named Data Protection Officer | Yes or No (if Yes please insert name and title) |
How do you store the data | Electronic, Paper, etc |
Data security measures | Describe your data security measures |
Is data transferred to a third party | Yes or No (if Yes please give name and address of third party) |
Approved data processor | Yes or No (if No please state reasons) |
Date of next review | Provide date |