Awareness
1. Do your decision makers and key people within your organisation understand the changes GDPR will make to the law? Do they appreciate the impact it is likely to have and the resources needed to be compliant?
2. Does your business understand the penalties that GDPR can impose on businesses found not to be compliant with the new policies and regulations?
3. Have you begun to raise issues, track risks and raise awareness across the business?
Policies and procedures
4. Has direction been provided by management for GDPR compliance in the form of policies and procedures?
5. Are regular reviews in place to ensure compliance, and are policies, procedures and security controls updated on a regular basis?
6. Is there suitable training in place for the business on policies, procedures and security controls?
Consent
7. If your business offers services directly to children, do you have systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity if individuals are under 16 years of age? Is the privacy information communicated in a clear, plain manner that a child will understand?
8. Do you know how you seek, record and manage consent?
9. Do you have an effective audit trail and appropriate mechanisms to manage the record of consent?
Information security and incident management
10. Do you have the right procedures in place to detect, report and investigate a personal data breach?
11. Does your business have mechanisms in place to assess and then report relevant breaches to the Information Commissioner’s Office (ICO) when individuals are likely to suffer some form of damage through identity theft or a confidentiality breach?
12. Do you have the mechanisms in place to notify affected individuals where a breach is likely to result in high risk to their rights and freedoms?
13. Do you know where the personal data you hold is stored, where it came from and who you share it with?
14. Do you conduct information audits to determine the data flows within the business?
Privacy notices and impact assessments
15. Are you familiar with, and does your business understand, what a Privacy Impact Assessment (PIA)/Data Protection Impact Assessment (DPIA) is and when it is to be conducted? Are processes in place to action them, and is the DPIA framework linked to your risk management and project management processes?
Individuals’ rights
16. Do your current procedures cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format?
Subject access request
17. Have you updated your procedures, and do you know how you will handle requests from individuals for access to their personal data within the new timescales (1 month rather than 40 days) and be able to provide any additional information as required by GDPR?
Data protection officer
18. Have you designated someone to take responsibility for data protection compliance, and decided where this role will sit within your organisation’s structure and governance arrangements? (If you are a public authority, carry out large scale monitoring of individuals, or carry out large scale processing of special categories of data or data relating to criminal convictions, you will need a DPO.)
Privacy notices and impact assessments
19. Have you recently reviewed your current privacy notices, and do you have a plan in place to make the necessary changes in time for GDPR?
Data protection officer
20. Have you empowered your DPO through provision of appropriate training and reporting mechanisms to senior management?
Lawful basis for processing personal data
21. Can you identify and review the various types of information processing you carry out?
22. Have you identified the lawful basis for your processing activity, documented it and updated your privacy notice to explain it?
International compliance
23. Does your organisation operate in more than one EU member state (i.e. you carry out cross-border processing), and have you determined your lead data protection supervisory authority? The Article 29 Working Party guidelines will help you do this.

Thank you!

Your assessment is now complete

What happens next?

Upon clicking submit you will receive an email copy of the report which will highlight possible deficiencies or compliance issues.

A member of Corporate Security Consultants cyber division may be in contact with you to discuss your needs further if we identify areas where our support may be of benefit to you or your organisation.

What you need to do

Simply fill out the mandatory fields below and then click submit.

Disclaimer

Please note: This assessment is for guidance purposes only and does not constitute overall compliance towards GDPR.

The assessment generated is based upon your answers and your understanding of your or your organisation’s current and future policies and procedures. We strongly recommend that if you are unsure of any area of compliance in preparation for GDPR, you contact Corporate Security Consultants, who will be happy to provide individual guidance specific to you or your organisation.

Any information gathered during your submission of this assessment will remain confidential and in the care of Corporate Security Consultants only, and will not be used for any purpose other than supporting you or your organisation in preparation for GDPR.