# GDPR Vendor & Processor Audit (Art. 28)

> Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. 32 technical measures evaluation, Art. 28(5) certification review, and corrective action tracking.



Tags: GDPR, Privacy, Processor, Vendor, Audit, Art. 28, SCCs, TIA, Compliance, Data Protection


## Example Prompts

- Plan a processor audit for our cloud hosting provider
- Verify our processor contract includes all Art. 28(3) mandatory provisions including DPIA assistance
- Audit the sub-processor chain for our CRM platform and check the controller's right to object
- Assess international transfer safeguards for our US-based processor under the EU-US DPF
- Review our processor's ISO 27001 certification as Art. 28(5) evidence of sufficient guarantees

URL: https://rakenne.app/skills/gdpr-vendor-processor-audit/index.md

Try this skill: https://rakenne.app/a/?skill=gdpr-vendor-processor-audit



## Overview

Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. 32 technical measures evaluation, Art. 28(5) certification review, and corrective action tracking.


---

Back to [Skill Library](https://rakenne.app/skills/index.md)