(EU) Can you provide an overview of all business processes and IT systems related to personal data?
Do you have a process in place to notify without undue delay when you become aware of a data breach?
Are you able to ensure the data subject's rights?
Do you have a process in place to ensure that all employees (both internal and external) process personal data securely?
Do you have a process in place for informing of any sub-processor?
What information do you store?
Do you have a process in place to ensure the data subject is not subject to automated decision-making such as profiling?
How do you process personal data?
Do you have privacy and security certifications in related industries?