GDPR Letter to Processors
Implementation Guidance (this section must be removed from final version of the document)
Purpose of this document This letter is intended to be sent to organisations you use as processors to confirm their readiness for GDPR.
Areas of the GDPR addressed The following areas of the GDPR are addressed by this document: (All)
General Guidance As part of GDPR you should also have a contract in place with each of your processors that covers the required areas, so this letter should be supplemental to that. The contract is the controller’s protection in many ways, so that should be prioritised over responses to this letter, but this letter may help to highlight areas of risk, particularly if special categories of data are involved. Note that this letter is intended as a final confirmation, not as a data-gathering exercise; use the Supplier GDPR Assessment as a tool for initial fact-finding.
Review Frequency We would recommend that this document is reviewed as preparations for GDPR continue.
Toolkit Version Number GDPR Toolkit Version 4
Document Fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exists in this document): 1. Update the custom document property “Organization Name” by clicking File
Page 1 of 5