GDPR compliance
Case reference FOI2022/01618
Published 16 November 2022
Request
Under the terms of the freedom of information act can I respectfully request information regarding your preparation and understanding of GDPR compliance. May I request that you complete the questions below.
Q1. Who is responsible for data protection compliance within your organisation?
Q2. Do they know who performs the data sanitisation processes for the organisation?
Q3. Are they aware of the Information Commissioner's Office approved GDPR certification scheme?
Q4. If no, would they find these schemes useful to help with their compliance?
Q5. If yes, do they specify the use of GDPR certification schemes for vendor selection?
Q6. Do you utilise an ADISA certified ITAD service provider for your IT asset disposal needs?
Response
Q1. Who is responsible for data protection compliance within your organisation?
A: The Information Governance Team led by the Data Protection Officer.
Q2. Do they know who performs the data sanitisation processes for the organisation?
A: No
Q3. Are they aware of the Information Commissioner's Office approved GDPR certification scheme?
A: Yes
Q4. If no, would they find these schemes useful to help with their compliance?
A: N/A
Q5. If yes, do they specify the use of GDPR certification schemes for vendor selection?
A: Not at present.
Q6. Do you utilise an ADISA certified ITAD service provider for your IT asset disposal needs?
A: No, we use a British Security Industry Association accredited company.
Documents
This is Herefordshire Council's response to a freedom of information (FOI) or environmental information regulations (EIR) request.
You can browse our other responses or make a new FOI request.