GDPR questions and answers

Category: Data Processing

Should a security questionnaire for a processor be individually tailored to each data processing agreement or specific type of service?

ANSWER

There is no need for the questionnaire to be tailored each time to a specific agreement or specific type of service provided by a potential processor. On the one hand this would be time-consuming; on the other, it is doubtful whether it would be effective: while it is possible to assess in general terms which requirements should in principle be met by a given entity and which are worth asking about in the questionnaire, it is difficult to tailor questions perfectly to a given contractor.

The best approach appears to be to create several versions of a processor questionnaire, e.g. a detailed version (sent to entities providing IT solutions or payroll companies) and a simplified version (for entities to which data will be entrusted in a limited scope). The result of such a questionnaire could be reviewed by the DPO, who on that basis would decide whether the given entity provides adequate guarantees related to ensuring the security of personal data.

Individual GDPR security questionnaire — is it necessary? | ODO 24