Printed from CheckTick DSPT Compliance Documentation
GDPR Article 28 Contract Review Log
Date of Review: 03/01/2026 Reviewer: [SIRO Name] (SIRO)
| Supplier | DPA Status | Article 28 Compliant? | Mechanism |
|---|---|---|---|
| Northflank | Active | Yes | Online DPA (UK Data Residency) |
| Mailgun | Active | Yes | Online DPA + UK Addendum |
| Github | Active | Yes | GitHub Data Protection Agreement (included in Standard Terms) |
Review Checklist for Article 28 Compliance:
- Processing is only on written instructions from CheckTick.
- Duty of confidence for supplier personnel.
- Appropriate technical and organisational security measures.
- Sub-processor rules (CheckTick must be notified of changes).
- Assistance with data subject rights (DSARs).
- Deletion or return of data at the end of the contract.
- Audit and inspection rights.