For how long do you store customer data?
How does your organization handle instances when customers request their data be removed from your system(s)?
How is sensitive information stored, and do you have processes in place in the event of a data breach?
How will you verify to customers that you are in compliance with the new regulation?
How you handle data protection requirements with any of your sub-processors?
What happens when we receive an email?
What processing operations are done by the Data Processor (ORRO Family)?
Where is your customer data physically stored?
Which of your teams will have access to customer personal information