How do we verify entities that will process our data? Are there any guidelines or questionnaire templates to help verify such entities?
ANSWER
The GDPR does not specify how the controller must demonstrate compliance with the requirement set out in Article 28(1) GDPR. It is the controller's task to take actions that allow the processor to be verified as accurately as possible. The basic means of such verification is an audit of the processor or a checklist in the form of a security questionnaire: a document that serves as evidence of the verification carried out and lets the controller obtain detailed information on the technical and organizational measures the processor applies to ensure GDPR compliance and the security of the personal data processed on the controller's behalf.
More information in this regard, including an example of such a basic security questionnaire, can be found at: /wiedza/blog/zgodnosc-procesora-z-rodo-sposoby-jej-weryfikacji