SOC 2 (Systems and Organization Controls)
P6.7: Providing an accounting of personal information upon data subjects' request

How to fill the requirement


Task: Documentation of data sets for data stores
Theme: Management of data sets
Policy: Management of data sets

This task also fulfils the following other security requirements:

  • T07: Classification of information (Katakri)
  • 13 §: Information security of data sets and information systems (TiHL)
  • 15 §: Ensuring the security of data sets (TiHL)
  • 6. Lawfulness of processing (GDPR)
  • 5. Principles relating to processing of personal data (GDPR)
1. Task description

The organization shall maintain a list of data sets contained in the data stores it manages.

The documentation shall include at least the following information:

  • Data systems and other means used to process the data sets
  • Key categories of data in the data set (and whether it contains personal data)
  • Data retention period (discussed in more detail in a separate task)
  • Information on archiving / disposal of data (discussed in more detail in a separate task)
Task: Readiness to provide a list of data transfers to the data subject
Theme: Privacy
Policy: Data transfer and disclosure

This task also fulfils the following other security requirements:

  • P6.7: Providing an accounting of personal information upon data subjects' request (SOC 2)
1. Task description

Upon request, the organization provides the data subject with a clear list of the transfers of their personal data to third parties.

The list shows in particular which personal data has been transferred, to which organization, on what basis and when.

Task: Process for receiving and handling data subject requests
Theme: Privacy
Policy: Informing and data subject requests

This task also fulfils the following other security requirements:

  • 15. Right of access by the data subject (GDPR)
  • 16. Right to rectification (GDPR)
  • 18. Right to restriction of processing (GDPR)
  • 19. Notification obligation regarding rectification or erasure of personal data or restriction of processing (GDPR)
  • 21. Right to object (GDPR)
1. Task description

Whenever we process personal data, the data subject has certain rights, e.g. to gain access to their data and, in certain situations, to object to processing or to have their data deleted.

We have planned procedures for handling data subject requests, which may cover, for example:

  • the ways in which the data subject may make a request for information
  • methods to verify the identity of the sender
  • the persons to whom requests for information are forwarded in relation to each register