15980 - Project One GDPR Brochure RGB REVISED JAN 2018 v2

Rate your business on a scale of 1 to 5 for each of the following 15 questions (1 = no/don't know, 2 = somewhat, 3 = aware but no action yet taken, 4 = plans in place, 5 = fully compliant).

SCORE TOTALS

1. ACCOUNTABILITY

1.1 Executive Accountability. Is your Board of Directors aware of the GDPR requirements for the business and for their functional responsibilities?

1.2 Management Accountability. Does your business have a nominated data protection officer?

1.3 Individual Accountability. Does your business provide data protection awareness and instruction for all staff to ensure their compliance with the GDPR?

2. GOVERNANCE

2.1 Policy. Has your business established a data protection policy compliant with the requirements of the GDPR?

2.2 Data Held. Has your business catalogued all the personal data it holds, where it is held and how it is processed and/or shared?

2.3 Data Protection by Design. Has your business established a process to ensure new products, services or initiatives are privacy-proofed at the design stage?

3. PRIVACY AND CONSENT

3.1 Privacy Notices. Does your business have privacy notices readily available if needed?

3.2 Consent Management. Has your business established a process to gain adequate and informed consent, including the additional responsibilities where children's data is concerned?

3.3 Delivering Individual Rights. Is your business equipped to respond to individuals' rights to access, amend, export or delete their personal data within the required timescales?

4. HOLDING AND HANDLING DATA

4.1 Lawful Basis for Processing Data. Has your business confirmed it has a 'lawful basis' for holding and processing personal data under the GDPR?

4.2 Data Quality and Accuracy. Has your business taken steps to ensure all personal data is of sufficient quality and accuracy to make decisions about individuals?

4.3 Retention and Disposal. Has your business established a process to routinely dispose of personal data that is no longer required, in line with agreed timescales?

5. DATA SECURITY

5.1 Security Policy. Has your business established an information security policy supported by appropriate security measures?

5.2 Data Transfers. Does your business ensure an adequate level of protection for personal data processed or held by others on your behalf, including data transferred outside the European Union?

5.3 Data Breaches. Does your business have in place the capability to recognise, report and resolve a data breach?

YOUR SCORE OUT OF 60 =

If you scored fewer than 60 points, you have work to do and little time left to do it! Project One can help.
