Our clients are more and more aware of their GDPR obligations. Sometimes they want PNO to fill out GDPR / IT detailed technical questionnaires. Some clients offer PNO a Processing Agreement to sign. Often clients use Procurement Policies to comply with.
Update Q1 2022: INNEN has been bought by PNO Group holding B.V.
In the case of PNO management consulting / advice using InnovationPlace, the below story should suffice:
- Personal Data used hardly encompass more than Business Contact Information and most of them are also publicly known (like name and business email and occupation)
- InnovationPlace is owned bij PNO (Intellectual property at PNO Group holding B.V.), managed by InnovationEngineering (INNEN) and INNEN is ISO 9001 / 27001 certified; see https://www.innovationengineering.eu
- INNEN executes a Service Level Agreement, had a Processing Agreement with INNEN (Ask DPO at GDPR@PNO.group)
- InnovationPlace runs in the cloud at an ISO 27001 certified hosting company in Italy: the hosting company is IRIDEOS Spa and at the following link all their certifications are listed officially: https://irideos.it/en/certifications
- The PNO Privacy Statement and Cookie Policy apply; see the footer of any PNO country / label / project website or InnovationPlace itself
- The PNO board and workers council approved the PNO Information Security Policy (ISP) and staff works accordingly; see ISP
In the light of the above story, filling out detailed GDPR /IT technical questionnaires is not needed. When using a standard PNO contract in combination with the PNO Terms & Conditions, a Processing Agreement is not needed. However, if a client wants such a Processing Agreement (PA); PNO offers a standard format, see PA. Last, please do check the client’s Procurement Policy for peculiarities on Data Breaches and/or Audits.