Data Processor Audit Service Digital control of your data processors
As a data management company or authority, you are required to continuously control your data processors, and you must be able to document compliance with the Danish Data Protection Agency at all times.
A resource-demanding task
Continuous control of all your data processors are often an administrative heavy and time-consuming task. Similarly, it requires that your employees are continuosly updated on the current rules regarding processing of personal information.
Fines and loss of reputation
Costs can be huge for organisations that do not comply with the rules. In addition to a possible fine of up to 4 percent of the organisation's annual turnover or EUR 20 million, lack of control could cause serious data breach as well as loss of reputation.
DPA Service because ...
With DPA Service you get ...
The audit reports contain concrete recommendations to help you make decisions for systematically and consistent control of your data processors.
Operational management report
An operational management report gives you a general idea over all your data processors' compliance-level.
The 5 steps of the assessment
You provide .legal with information about the specific data processors that you want to assess. This information is noted in a template that you will receive. In addition, we prepare an outline for the process.
.legal sends out an information email with an attached guide to the data processors. Two days later, .legal sends an email to the data processors with a link and login information to the DPA Service assessment
The data processors can now answer the assessment. If any questions should arise in relation to the assessment, the data processors have the opportunity to contact the .legal support team. In addition, the support team continuously monitors the received responses and sends you a progress report midway through the process.
The result of the assessment is an audit report for each data processor as well as a management report, which gives you a comprehensive overview of all your data processors' compliance level. In addition, a final statement of the response rate and any notes from the individual data processors will be sent to you.
05. Follow up
Based on the reports' recommendations, you now have the opportunity to assess whether there is a need for follow up. If the data processor has implemented improvement initiatives and wants to repeat the assessment, .legal can be helpful with this.
Fixed annual payment based on the number of controls which should be completed.
Already completed controls can be repeated without additional costs in the contract period.