GDPR Compliance
Dear City University London,
Freedom of Information request – GDPR Compliance Plan
I am writing to you to under FOI to establish your state of readiness for GDPR.
To this end I would be grateful if you could supply me with any of the following information that you may hold in connection with your GDPR compliance program
1. Data Mapping
a. Copies of the tools used to capture data for the personal data mapping exercise (e.g. questionnaires/spreadsheets etc.).
b. The records of processing activities and data flow maps/diagrams and any other products/outputs of the data mapping exercise.
2. Gap Analysis
a. Copies of any tools used to assess any shortfall or gaps in processing vis a vis GDPR.
b. The gap analysis report and any other products/outputs of the gap analysis exercise.
3. Project Plan
a. A copy of your GDPR project Plan and Gantt chart or equivalent.
b. Any formal reports (be that to management, your IG steering group and senior GDPR oversight group or equivalent and Committee/Executive) on GDPR.
4. Outsourcing
a. Copies of updated standard GDPR compliant contracts and written instructions for processing.
5. Solutions
a. Details of other potential processing solutions devised or identified either by Essex or in collaboration with other partners.
If any of this information is already accessible online it would be very helpful if you could supply a hyperlink to the location.
I am anxious to minimise the work involved in responding so please let me know if there are any modifications I can make to the request which will help avoid unnecessary effort or duplication.
Yours faithfully,
Gloria Smythe
Dear Gloria Smythe,
Thank you for your request for information (see below) received on
13/06/2017.
Your request is being dealt with under the terms of the Freedom of
Information Act 2000 and will be answered within twenty working days.
Please contact me if you have any queries, quoting reference number
2017/134.
Dear City University London,
Freedom of Information request – GDPR Compliance Plan
I am writing to you to under FOI to establish your state of readiness for
GDPR.
To this end I would be grateful if you could supply me with any of the
following information that you may hold in connection with your GDPR
compliance program
1. Data Mapping
a. Copies of the tools used to capture data for the personal data
mapping exercise (e.g. questionnaires/spreadsheets etc.).
b. The records of processing activities and data flow
maps/diagrams and any other products/outputs of the data mapping exercise.
2. Gap Analysis
a. Copies of any tools used to assess any shortfall or gaps in
processing vis a vis GDPR.
b. The gap analysis report and any other products/outputs of the
gap analysis exercise.
3. Project Plan
a. A copy of your GDPR project Plan and Gantt chart or equivalent.
b. Any formal reports (be that to management, your IG steering
group and senior GDPR oversight group or equivalent and
Committee/Executive) on GDPR.
4. Outsourcing
a. Copies of updated standard GDPR compliant contracts and written
instructions for processing.
5. Solutions
a. Details of other potential processing solutions devised or
identified either by Essex or in collaboration with other partners.
If any of this information is already accessible online it would be very
helpful if you could supply a hyperlink to the location.
I am anxious to minimise the work involved in responding so please let me
know if there are any modifications I can make to the request which will
help avoid unnecessary effort or duplication.
Yours faithfully,
Gloria Smythe
Yours Sincerely,
Saidu Sesay
Information Compliance Officer, IT
City, University of London
Northampton Square
London EC1V 0HB
T: +44 (0)20 7040 8224
[1]www.city.ac.uk
Please consider the environment before printing my email.
Have you received outstanding service today? Make a WOW! Award nomination
at [2]www.city.ac.uk/wow
[3]cid:image002.jpg@01D22BA6.5F8B83F0
This email and its contents are the property of City, University of
London. If you are not the intended recipient of this message and any
attached files, please delete it. Unauthorised copying or distribution of
this message, its attachments or parts thereof, is strictly prohibited
unless specifically stated otherwise.
References
Visible links
1. http://www.city.ac.uk/
2. http://www.city.ac.uk/wow
Dear Gloria Smythe,
Please find attached our response to your request.
Yours Sincerely,
Saidu Sesay
Information
Compliance
Officer, IT
City, University
of London
Northampton
Square
London EC1V 0HB
T: +44 (0)20 7040
8224
[1]www.city.ac.uk
Please consider the environment before printing my email.
Have you received outstanding service today? Make a WOW! Award nomination
at [2]www.city.ac.uk/wow
[3]cid:image002.jpg@01D22BA6.5F8B83F0
This email and its contents are the property of City, University of
London. If you are not the intended recipient of this message and any
attached files, please delete it. Unauthorised copying or distribution of
this message, its attachments or parts thereof, is strictly prohibited
unless specifically stated otherwise.
References
Visible links
1. http://www.city.ac.uk/
2. http://www.city.ac.uk/wow
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now