
REC Third Party Supplier GDPR audit

Revision v.1, 3rd May 2018

Author – Kerry Marsh

Purpose

The purpose of this procedure is to define a process whereby the Rudge Enthusiasts Club (here referred to as REC) can satisfy itself that third party suppliers comply with GDPR. This procedure applies to the specific third party suppliers with whom members’ personal data are shared. They are Deep Blue Logic Ltd., Woodlands Design, Pagefast and the DVLA.

Person responsible

The Data Processing Officer is responsible for carrying out the GDPR audits on these suppliers.

The audit

The audit should be completed in May of every year.

The audit can be carried out by sending out the questionnaire to the supplier and then reviewing the responses and clarifying any points by telephone. Alternatively it may be carried out by visiting the third party personally.

The questionnaire should be addressed to the Data Controller of the third party supplier.

The key questions for the audit are:

  • Does your organisation comply with GDPR?
  • Does your organisation have rules and procedures to ensure it continues to comply with GDPR?
  • Please summarise your Data Privacy Risk Assessment as it applies to the personal data that the REC shares with your organisation.
  • What steps does your organisation take to manage these risks and ensure that REC members’ personal data is kept secure?
  • Do you ever share REC members’ data with any third parties?

Following the audit:

The Data Processing Officer should review the responses and satisfy him/herself that the risks to REC members’ personal data are being adequately managed.

The DPO should summarise any concerns, convey them back to the supplier and agree corrective actions.

The responses, concerns and correspondence on this audit with suppliers should be filed and kept for seven years.

 


Document revisions

Revision history:

v.0 – First draft 5th April 2018

v.1 – Removed reference to Deep Blue Logic as a third party handling new spares orders. That company does not process members’ contact details.

