I am writing to you under FOI to establish your state of readiness for GDPR.
To this end I would be grateful if you could supply me with the following information that you may hold in connection with your GDPR compliance program:
1. Data Mapping
a. Copies of the tools used to capture data for the personal data mapping exercise (e.g. questionnaires/spreadsheets etc.).
b. The records of processing activities and data flow maps/diagrams and any other products/outputs of the data mapping exercise.
2. Gap Analysis
a. Copies of any tools used to assess any shortfall or gaps in processing vis a vis GDPR.
b. The gap analysis report and any other products/outputs of the gap analysis exercise.
c. A written description of how the Gap Analysis was completed
3. Project Plan
a. A copy of your GDPR project Plan and Gantt chart or equivalent.
b. Any formal reports (be that to management, your IG steering group and senior GDPR oversight group or equivalent and Committee/Executive) on GDPR.
c. A copy of your Information Governance Structure
a. Copies of updated standard GDPR compliant contracts and written instructions for processing.
a. Details of other potential processing solutions devised or identified either by the organisation or in collaboration with other partners.
a. a copy of your data protection strategy
b. a copy of your DPO JD and Person Specification
c. A copy of your accountability framework
d. a copy of all procedures or processes relating to the Information Rights of Data Subjects under GDPR. Specifically:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
e. A copy of your fair processing notice
If any of this information is already accessible online it would be very helpful if you could supply a hyperlink to the location.
I am anxious to minimise the work involved in responding so please let me know if there are any modifications I can make to the request which will help avoid unnecessary effort or duplication.
Dear Gloria Smythe
Thank you for your request for information under the Freedom of Information Act 2000, as detailed in your email below. Your request was received on 28 June 2017. We will deal with your request as promptly as possible, and at the latest within 20 working days. If you have any queries about your request, please contact us at the address below.
The reference number for your request is RFI20170942.
BBC Freedom of Information
BC2 B6, Broadcast Centre
201 Wood Lane
London W12 7TP
Email: [BBC request email]
Tel: 020 8008 2882
Dear Ms Smythe,
Please find attached the response to your request for information,
BBC Information Policy and Compliance
Room BC2 A4
Email: [BBC request email]