SafetyIQ is considered to be a Processor that engages and integrates with Sub-processors
A natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centre acting on behalf of its client) is considered to be a processor. At times, a processor is also called a third party.
SafetyIQ provides cloud-based software that ‘customers’ or ‘controllers’ purchase and as a company SafetyIQ has a responsibility to ensure that the security provisions maintained in the SAAS are compliant to the obligations under the GDPR.
|Activity||Expected Timeline or Completed|
|1||Conducted an information audit to map data flows||Completed|
|2||Documented what personal data SafetyIQ holds, where it came from, who the data is shared with and what is done with it.||Completed|
|3||Appropriate data protection policy||Completed|
|4||Nominated a data protection lead or Data Protection||Completed|
For the full checklist click the below link.