Checklist: Processor due diligence (data protection and cybersecurity) (EU)

Updated as of: 04 August 2023
This checklist provides step-by-step due diligence guidance for in-house counsel and private practice lawyers when engaging service providers or suppliers who will also act as processors of personal data (processor), or to assist them when advising internal and external clients on these issues. The straightforward question-based format of the checklist can also be used by any other stakeholders (eg, members of the procurement team) when performing an initial high-level assessment of the data protection and cybersecurity compliance of a potential supplier.