Release notes November 2021, DPA Service supervision guidance

This is your November product update on the .legal DPA Service. The purpose is to give you a firsthand view of our latest updates.

As we wrote in a previous blog post, the Danish Data Protection Authority published new guidance on how you can supervise your data processors on 29 October.

We have now updated DPA Service so that we accommodate the new measures in the guidance.

Classification module

We have added a classification module which can be used to calculate a risk score for your data processors. The module has been prepared based on the calculation model that the Danish Data Protection Authority sets up in their guidance.

Inspection frequency

It is now possible to specify an inspection frequency for your data processors. The supervision frequency can be advantageously set based on the data processor's classification. When we plan your inspection rounds in the future, we will take this inspection frequency as a starting point.

Updated question frame

The new guidance has also given rise to updating the questionnaire that is sent to data processors in connection with an inspection. We have therefore added new questions that deal with:

• Security breach by your data processors
• Security breach by your sub-data processors
• Your data processors' handling of data processors (your sub-data processors). Eg. overview of the number of data processors, transfers to unsafe third countries and whether the data processor supervises its data processors.

We hope you will welcome the new features. If you have any further questions about DPA Service, you are, as always, welcome to give us a call or send us an email.