Are you GDPR Ready? Take our Questionnaire
Your result will appear automatically at the foot of the page. Please be sure to answer all questions.
|Have you appointed a Data Protection Officer (DPO)?||x|
Implementation of GDPR measures will, in some cases, require the appointment of a Data Protection Officer. Organisations will have additional obligations and there will be changes that impact internal accountabilities and contracts. Where there is insufficient need for an internal DPO, some organisations may choose to employ the services of an external Data Protection Officer.
|Have your security personnel received training or instruction on the GDPR?||x|
Software alone cannot sufficiently counter all threats to data protection. Security personnel training should cover data processing obligations as well as the identification of breaches and risks.
|Have your senior management been briefed on the GDPR?||x|
A GDPR compliance programme should involve senior stakeholders as it will require input from all departments.
|Have all staff received GDPR awareness training?||x|
Many staff are unaware of their contribution to protecting private information and what is expected of them. The GDPR requires privacy awareness training to be provided to all employees.
|Have you reviewed and updated your privacy policies?||x|
You will need to review all existing data protection and privacy policies to ensure they comply with the new requirements.
|Have you made preparations for implementing and performing Data Protection Impact Assessments?||x|
You should assess all of your data processing activities in relation to managing data privacy and ensuring compliance. To prepare for Data Protection Impact Assessment (DPIA) requirements, you should also identify processing of sensitive data (including biometric information), surveillance activities (including CCTV), and data processing that may impact on the rights and freedoms of individuals.
|Have you assessed all points of data collection to ensure that explicit consent is properly requested in each case?||x|
The GDPR implements more stringent requirements for obtaining consent when collecting data from individuals. Data collection will have to adhere to just-in-time notification of “reason for data collection” and communicating to data subjects “how their data will be processed” and procedures for “further engagement in terms of enhanced privacy rights.”
|Have you prepared, documented and communicated processes for managing subject data access requests?||x|
Not many companies know where all their data is kept. Data may be stored in many different places, and not just inside the company or for internal use. Data is often not restricted to databases. Much of the data people work with everyday is in a variety of file formats and on different platforms, often outside the network, somewhere in the cloud. Successfully responding to data subject access requests will be a challenge in cases where process requirements have not been considered and dealt with thoroughly.
|Have processes been developed to allow individuals to amend or delete their personal data?||x|
New enhanced personal data rights, such as the “right to be forgotten” and “data portability rights” additionally necessitate the need for organisations to know what data they process and where they store it. To allow individuals to amend or delete their personal data, the capability to track data (through systems and all the different storage locations) will be required under the GDPR.
|Have data retention and destruction procedures been reviewed for all data (including offline) as used by your organisation?||x|
Documented policies and procedures should describe handling of classified information in terms of retention, responding to data deletion requests, and maintaining records of retention and destruction activities.
|Have you re-assessed your suppliers and supplier contracts in relation to the GDPR?||x|
It will be necessary for organisations to monitor the privacy compliance of suppliers, agents and shops to avoid liabilities and damages. It is also advisable to follow a formal process for selecting external suppliers that will be expected to process personal data.
|Have you made preparations to detect and report breaches as part of a response plan?||x|
Breach notifications are already mandatory elsewhere in the world. The GDPR introduces requirements for breach responses, particularly for breaches that affect data belonging to private individuals in the EU.
|Have you prepared data breach notification procedures for informing data subjects?||x|
It will be necessary to maintain a protocol for communicating breaches. A breach response plan should cover communication to affected individuals and describe processes for co-operating with regulators, credit agencies, and law enforcement.
|Have you prepared for regular compliance audits or reviews to identify and fix issues?||x|
It will be necessary to maintain a protocol for communicating breaches. A breach response plan should cover communication to affected individuals, and also describe processes for co-operating with regulators, credit agencies, and law enforcement.
|Have you made preparations to abide by the GDPR codes for ‘Privacy by Design and by Default’?||x|
This requirement will call for evidence that you have considered and incorporated compliance measures into your data processing activities. This includes adopting appropriate policies for integrating privacy-by-design and privacy-by-default, as well as pseudonymising and data minimisation.
Answer all of the above to see your result here
Getting You GDPR Ready
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.