#  | SUPPLIER DATA PROTECTION REQUIREMENTS | APPLICABILITY | RESPONSE | SUPPORTING REMARKS
---|---------------------------------------|---------------|----------|-------------------

SECTION ONE: Data Privacy Governance
1  | Appointment of a Data Privacy Officer (DPO) | Applicable | Compliant | With Data Privacy Officer (DPO) Documents
2  | Registration of Data Processing Systems | Applicable | Compliant | Registration Form

SECTION TWO: Risk Assessment
3  | Regular conduct of Privacy Impact Assessments for processes, products, or systems that involve the processing of personal data | Applicable | Compliant |

SECTION THREE: Privacy Culture
4  | Availability of your organization's Personal Data Privacy Policy | Applicable | Compliant |
5  | Formulation of your organization's Privacy Management Program (PMP) | Not Applicable | Non-Compliant |
6  | Establishing a culture of privacy through awareness and education programs for employees and subcontractors | Applicable | Compliant |
7  | Issuance of Security Clearance for those handling personal data | Applicable | Compliant |

SECTION FOUR: Privacy in Day-to-Day Information Lifecycle Operations
8  | Informing data subjects of any personal information processing activities and obtaining their consent, when necessary | Applicable | Compliant |
9  | Formulation of policies/procedures that allow data subjects to object to further processing, or changes to the information obtained from them | Applicable | Compliant |
10 | Formulation of policies that limit data processing according to its declared, specified, and legitimate purpose | Applicable | Compliant |
11 | Formulation of policies/procedures for providing data subjects with access to their personal information, including its sources, recipients, method of collection, purpose of disclosure to third parties, automated processes, date of last access, and identity of the controller (Data Subject Access Request) | Applicable | Compliant |
12 | Formulation of policies/procedures that allow data subjects to dispute inaccuracy or error of their personal information, including policies/procedures to keep the same up to date | Applicable | Compliant |
13 | Formulation of policies/procedures that allow a data subject to suspend, withdraw, or order the blocking, removal or destruction of their personal information | Applicable | Compliant |
14 | Formulation of policies/procedures for accepting and addressing complaints from data subjects | Applicable | Compliant |
15 | Formulation of policies/procedures that allow data subjects to get indemnified for any damages sustained due to inaccurate, incomplete, outdated, false and unlawfully obtained or unauthorized use of personal information | Applicable | Compliant |
16 | Formulation of policies/procedures that allow data subjects to obtain a copy of his/her personal data processed by electronic means and in a structured and commonly used format | Applicable | Compliant |
17 | Formulation of policies/procedures for the creation and collection, storage, transmission, use and distribution, and retention of personal data for only a limited period, OR until the purpose of the processing has been achieved, and ensuring that data is securely destroyed or disposed of | Applicable | Compliant |

SECTION FIVE: Managing Personal Data Security Risks
18 | Implementation of appropriate and sufficient organizational security measures | Applicable | Compliant |
19 | Implementation of appropriate and sufficient physical security measures (Physical Access and Security, Design and Infrastructure) | Applicable | Compliant |
20 | Implementation of appropriate and sufficient technical security (Firewalls, Encryption, Access Control Policy, Security of Data Storage, and Other Information Security Tools) | Applicable | Compliant |

SECTION SIX: Data Breach Management
Compliance with the Data Privacy Act's Data Breach Management