Recommendation : 3. Manage data life
Are the responsibilities from a GDPR point of view (or local framework in other countries: Privacy Act for example) with service providers clearly defined ?
Purchase Sustainable IT
A People
B Planet
A Prosperity
Difficulty
N/A
Priority
/
Récurrence
/
Tests
Is the list of service providers and the modes of intervention and responsibility for the data formalized and monitored?
Precisions
The regulations require a confirmed knowledge of all service providers in contact with personal data. Data outside the GDPR framework is not subject to this tracking. The data essential to the functioning of a digital service are all important from a human or business point of view. The GDPR practice is proven for a category of data, the generalization of the principle to all data makes it possible to increase the consistency of treatment of all the assets of an organization
Additional elements
Rule for assessing the level of compliance of the criterion
0 / 0
Life cycle
Utilisation
4 other criteria related to the recommendation: Manage data life
Life cycle
Have the legal constraints related to data preservation been analyzed and the rules and deadlines for "forgetting it" been specified ?
Sustainable IT Infrastructure
Does the storage strategy keep infrastructure or data duplication to a minimum in relation to its criticality ?
Sustainable IT Infrastructure
Is non-production data anonymized and scaled down to a representative sample of production ?
Life cycle
Is the frequency of data refresh determined in relation to user expectations ?