Privacy and Security

GDPR – Checklist

JESI is considered to be a Processor that engages and integrates with Sub-processors

Definition: Processor

A natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centre acting on behalf of its client) is considered to be a processor. At times, a processor is also called a third party.

JESI provides cloud-based software that ‘customers’ or ‘controllers’ purchase and as a company JESI has a responsibility to ensure that the security provisions maintained in the SAAS are compliant to the obligations under the GDPR.


  Activity Expected Timeline or Completed
1 Conducted an information audit to map data flows Completed
2 Documented what personal data JESI holds, where it came from, who the data is shared with and what is done with it. Completed
3 Appropriate data protection policy Completed
4 Nominated a data protection lead or Data Protection Completed

For the full checklist click the below link.

GDPR – Check List