Have the Board been made fully aware of the need for GDPR Compliance?
Have the requirements of GDPR been communicated to the wider business?
Have you communicated your requirements for GDPR compliance to your suppliers?
Have you completed an audit of the data you hold in the last 6 months?
Have you assessed both electronic and paper-based information?
Have you assigned owners to the different types of data you hold?
Have you reviewed all your policies which relate to Data Protection?
Have you identified key processing activities and documented the process?
Have you developed a process for handling data breaches?
Have you assessed each ‘Right’ under GDPR to establish whether it applies to you?
Do you have a process for handling ‘Subject Access Requests’ (SAR)?
Do you have a process for logging Subject Access Requests?
Where ‘Consent’ is the lawful basis for processing, do you have evidence of ‘Consent’ being given?
Do you have a process that makes it easy for people to withdraw their Consent?
Have you communicated the basis for processing to Data Subjects?
Have you got a process for conducting DPIAs?
Has the process for conducting DPIAs been communicated internally?
Have you considered the international reach of your organisation?
Have you put in place additional security for international transfers?
Simply select which option best fits where you are in your Data Protection process.
Your results are mostly...
Fantastic! It looks like you’re doing a great job of keeping on top of your Compliance programme. Of course, we both know that there is a great deal to Data Protection and that it is constantly moving, so if you would like to learn more about ways you can evidence that your Compliance programme is working well, or to learn how to improve on some of your practices, please complete the form opposite and we will be in touch to discuss how we can help you.
There is a lot of work that goes into creating a good Data Protection Compliance programme. It isn’t a simple ‘tick box’ exercise, so it’s no surprise that it looks like you have some work to do. It’s important to get the basics in place, so take the test again, note the areas you were unsure about and think about how you might go about evidencing compliance. Having a plan to address the risk areas is really important and should help drive your compliance programme forward. If you’re still concerned about your score, or would like to know more about how we can help you build a good GDPR Compliance programme, please complete the form opposite and we will be in touch to discuss how we can help you evidence that you’re ‘Giving Data Proper Respect’.
The GDPR is a very comprehensive regulation with a great deal to it, and much of it is open to your interpretation, so don’t be shocked by this result. The important thing is that you now take action to address it and ensure you have a Compliance programme that works for you. Remember that the GDPR is a law, not a ‘nice to have’, so you do need to take action today. A good first step is to go back through the questions and develop an action plan to address any areas of concern. If you are not the head of the organisation, why not ask them to complete the questions and see where you go from there? Ultimately it is their responsibility, and they will be held accountable if anything goes wrong. If you need help reminding them of that, or need any help at all with the GDPR, please complete the form opposite and we will be in touch to discuss how we can help.