UK GDPR
The data protection questions every UK supplier gets asked.
UK GDPR (the UK General Data Protection Regulation, alongside the Data Protection Act 2018) is the law that governs how organisations handle personal data in the UK. If a customer trusts you with any personal data, expect their security questionnaire to ask how you protect it.
Why you get asked about it
When you handle personal data on a customer’s behalf, they are accountable for choosing a supplier that keeps it safe. So they ask you to show your data protection is in order before they sign, and often every year after.
How Tickbox helps
Tickbox drafts a clear, plain-English answer to each UK GDPR question, grounded in the current requirements and in your own past answers. You review and edit every one before it goes back, so nothing is sent that you have not approved.
Questions you might be asked
- What is your lawful basis for processing personal data?
- How do you respond to data subject access requests?
- Do you have a process to report personal data breaches within 72 hours?
- How is personal data protected in transit and at rest?
- Do you transfer personal data outside the UK, and how is it safeguarded?
- How long do you keep personal data, and how is it deleted?