PRI-18: Data Controller Communications

PRI-18 · Data Controller Communications

Control Description

Mechanisms exist to receive and process data controller communications pertaining to: (1) Receiving and responding to data subject requests; (2) Updating/correcting Personal Data (PD); (3) Accounting for disclosures of PD; and (4) Accounting for PD that is stored, processed and/or transmitted on behalf of the data controller.

Control Question

Assessment question for control validation

Does the organization receive and process data controller communications pertaining to: (1) Receiving and responding to data subject requests; (2) Updating/correcting Personal Data (PD); (3) Accounting for disclosures of PD; and (4) Accounting for PD that is stored, processed and/or transmitted on behalf of the data controller?

Control Weighting

Validation Cadence

Semi-Annual

NIST CSF Function

Govern

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Tier 3 - Tactical

Additional Metadata

Applicability (Process):