Data Processing Supplier Audit (GDPR)

Summary

This practice note is designed for tactical review of vendors providing critical data-processing services and to guide what audit capabilities to contractually request. Each checklist item below is followed by detailed descriptions of what questions to ask suppliers and what documents to obtain. These will help govern how you draft the corresponding data processing agreement/data sharing agreement (DPA/DSA) clauses.