1.Who is responsible for data protection compliance within your organisation?
All Devon County Council staff are responsible for ensuring that their handling of personal data, complies with the requirements of data protection legislation. The Council’s Data Protection Officer, Martin Lawrence is responsible for monitoring data protection compliance across the organisation. Executive responsibility for data protection compliance rests with the Council’s Senior Information Risk Owner, Matthew Jones.
2.Do they know who performs the data sanitisation processes for the organisation?
Yes
3.Are they aware of the Information Commissioner’s Office approved GDPR certification scheme?
The Data Protection Officer is aware of the Information Commissioner’s Office (ICO) Approved GDPR Certification Schemes.
4.If no, would they find these schemes useful to help with their compliance?
Not applicable.
5.If yes, do they specify the use of GDPR certification schemes for vendor selection?
Devon County Council does not currently require vendors to be certified to GDPR certification schemes.
6.Do you utilise an ADISA certified ITAD service provider for your IT asset disposal needs?
Devon County Council does not currently contract with an ADISA certified IT asset disposal company. The company used by Devon County Council for IT asset management are aligned with Best Available Treatment, Recovery and Recycling Techniques (BATRRT).