GDPR questions and answers


Must a company we wish to work with consent to audits and/or periodic completion of a security questionnaire?

ANSWER

The controller's right to conduct audits or to request completion of a security questionnaire does not depend on the processor's consent. Under Article 28(3)(h) GDPR, the processor is obliged to make available all information necessary to demonstrate compliance with the obligations set out in Article 28 GDPR (including, among other things, the security measures applied), and to allow for and contribute to audits, including inspections, conducted by the controller or by an auditor authorised by the controller. Provisions to this effect should be included in the processing agreement as a mandatory element.
