Do you have policies and procedures in place that adhere to the principles and individual rights of GDPR, CCPA or other relevant regulations?
Do you have a data retention policy for the scoped PII data?
Are there contractual provisions and control mechanisms to ensure that the privacy and security obligations of the organization extend to the organization's suppliers, vendors, or subcontractors?
Are privacy policies and procedures reviewed and revised at least annually?
Is there a documented response program with policies and procedures to address privacy incidents, unauthorized disclosure, unauthorized access or breach of Scoped Data?
Please indicate which PII will be collected.
Will personally identifiable information be shared with this Vendor?
Who is the data subject of the personal data which is being collected?
Please indicate which fields of PII will be collected.