Printed from CheckTick DSPT Compliance Documentation
GDPR Article 28 Contract Review Log
Date of Review: 03/01/2026 Reviewer: [SIRO Name] (SIRO)
| Supplier | DPA Status | Article 28 Compliant? | Mechanism |
|---|---|---|---|
| Northflank | Active | Yes | Online DPA (UK Data Residency) |
| Mailgun | Active | Yes | Online DPA + UK Addendum |
| Github | Active | Yes | GitHub Data Protection Agreement (included in Standard Terms) |
Review Checklist for Article 28 Compliance:
- [x] Processing is only on written instructions from CheckTick.
- [x] Duty of confidence for supplier personnel.
- [x] Appropriate technical and organizational security measures.
- [x] Sub-processor rules (CheckTick must be notified of changes).
- [x] Assistance with data subject rights (DSARs).
- [x] Deletion or return of data at the end of the contract.
- [x] Audit and inspection rights.