ARE YOU GDPR READY?
The following questions will determine if your organisation is prepared in the key areas required to meet GDPR compliance. Please consider the answers to these questions based on your own organisation and any contracted suppliers who may come into contact with your data and information.
Do you know, and have you documented, the types of information held across your business, their relative importance, criticality and sensitivity, and how the information is being used?
Does your organisation collect, process and/or store data about children, and if so, have the GDPR implications been identified, assessed, documented and appropriate remediation plans defined?
Are key stakeholders in your business aware of the changes around GDPR and its implications for your organisation?
Does your organisation have clear oversight and compliance reporting of all applicable legal and regulatory data privacy requirements for holding, processing and sharing information?
Has your organisation carried out an assessment to identify system and control changes that may be required as a result of GDPR?
Does your organisation have a designated Data Protection Officer (DPO) or someone with specific responsibility for data and information privacy?
Does your organisation have a process to identify the need to undertake, and to complete, Data Protection Impact Assessments?
Does your organisation understand where its data and information is held, how it is processed and the controls applied (particularly when it comes to cloud computing, third party suppliers and partners, and foreign jurisdictions)?
Have you revised your organisation's (security) incident reporting plans and processes to address the identification, management, investigation and reporting of data breaches?
If you have answered 'no' or 'not sure' to more than one of these questions, you may need help in implementing processes and procedures that will help your organisation get ready for GDPR.