GDPR Data Protection. Free GDPR Assessment

The new GDPR regulation requires business to review and implement procedures that affect many departments. Each area of the new rule book from consent to security will need to be reviewed against current working practices, For existing data architecture from sales to delivery services.

Understanding how to bring your team to be ready for May 25th 2018 will play an important part of compliance preparation.

The simple to follow questions will give you an insight as to the challenges and decisions you are likely to have to implement a set of policies that protect your business and serve the needs of regulation.

You can revisit the questions as often as you wish, we will only provide a general indication of total readiness by placing a score against your answers relating to an absolute ready answer verses a completely not aware answer. This is just an initial prompt which is supported by a full report that will follow shortly after the questions are completed.

We will keep your information confidential in line with our privacy policy, please not that we may contact you if we believe that our services may help you to achieve GDPR readiness you will be able to request no further contact at each and every opportunity.

The process is free, quick and simple to complete

Click here to begin

Question 11

How aware are your employees of GDPR and Data Protection Security?

We have briefed all members of staff regardless if they have contact with the general public on data protection and the new GDPR regulation and data security.
We have given a brief outline of data protection, and we will be do more if we receive more requests about data we have processed.
We haven't considered what impact GDPR has had on our business.
We don't need to ask about data protection as all of our customers are repeat business.
We provide information in our monthly newsletter on things the staff need to be up to speed with.

Question 22

Do we provide customers with information on how long we retain their data when collecting specific data ?

We always explain the retention of data policy at the point of data collection and disclose in our privacy policy regulation.
We do have a data policy but the customer does not always get an explanation of how long we retain data.
We do not have a data retention policy which we use.
We are unsure as to how often our staff consistently provide information on data retention.
We only give customers retention information if they request it from ourselves.

Question 33

Are we able to handle a request for data access by a subject?

We have established key individuals who will provide all requested information within the 30 day time scale.
We don’t get access requests today so are unsure as to what is required.
We will struggle to find historical information if requested as it is stored in a different location.
We only receive requests on the telephone so have no formal record other that order forms.
We have a support company who looks after our data, we would need to ask them.

Question 44

Can we easily identify where all Personally identifiable information (PII) is processed in our business?

We have not yet mapped where new and historical personal identifiable data is hosted in our company.
We have a clear map of where data is situated for sales but not all departments.
We have audited all data held by the company and understand the location of all PII removed non permission data and have created a robust process for lawful processing and storage.
We hold data in different departments and would need to review how they are connected.
We have a lot of historical data that we have not yet organised.

Question 55

Have you confirmed contractual and audit for third party product and services providers?

We have new contracts in place to provide a high level of protection to processing of personal identifiable information and carried out due diligence testing and put in place ongoing audits.
We do not have any contracts with third party suppliers.
We do have an existing contract with our third party supplier but we do not monitor or audit their systems.
We have third party hosting, email and text but do not have GDPR references in our contracts.
We have contracts with our suppliers and are reviewing how they protect personal identifiable information.

Question 66

Have you assessed the requirement of your business to nominate a data protection officer?

We have a technical person who will review our requirements.
We won't need one were too small.
We don't yet understand what this will do for our business.
We have appointed a formal Data protection officer.
My finance company says they will share best practice.

Question 77

Is there a company policy on how to react if you become to a data breach

Talk to the customer and confirm when the breach happened and apologise.
Call in contractors to find out what happened.
We don't have enough data to worry about someone stealing it.
We have planned and trained our staff on breach procedures and tested responses.
Try to resolve it as best we can – but we do not have a formal plan.

Question 88

Have you selected a framework or system to process personally identifiable information to ensure you can react to the rights of the individual elements of the regulation?

We may consider how we access data if the questions become common place.
We're not data system designers we simply file things away.
We don’t have a formal data protection process and we haven`t carried out a risk impact assessment.
We get a customer declaration signed but it stops there.
We have designed a process dedicated to responding in line with regulation time frames to information an access requests.

Question 99

Please confirm at which customer touch points you collect specific data consent?

We only have data declaration statements when product companies requested them.
We have a blanket data statement that confirms we do a range of things with the data we hold.
We have data declarations, but they don’t always get filed.
We have a centralised managed function that ensures that data consent is lawfully collected across all customer touch points. (including web sites, forms, telephone and email)
We only have a couple of data forms where this would apply, so it is easy just to request consent at those points.

Question 1010

When using web service providers for archives and back ups and hosting are they based in the EU?

We always use UK based service providers but I don’t know where the data actually is kept.
Our technical support company do this, I have no idea on location.
Our internet provider takes care of our hosting and they are an American company.
We are aware that the location of processing is within the EU, EEA country as rated as “Adequate” by the supervisory authority.
We do not as yet check the location of our data storage.

Question 1111

Does your company have a robust document handling and storage data protection structure?

We don’t distinguish between different types of records we keep.
We have a straight forward filing system that works but isn't written down or mapped.
We don't have a formal process for personal information unless it is accounts based information.
We have centralised and well-maintained information on the location, purpose and classification of all of our personal identifiable information.
We understand about data protection but do not have it documented.

Question 1212

How secure are your devices and network against Hacking

We are too small for a security policy.
I think we have good information security, but we have a man that does that.
We have a strong information and data handling policy that ensures regular updates of passwords , protection software and encryption of data and conduct regular training.
We have basic antivirus software but don’t think we are a big enough fish for hackers to waste time on.
We have considered reviewing our security and are looking to introduce more adequate software.

Submit

Result

Thank you for taking our free GDPR Assessment. Based on your knowledge, your score is

100/100

Return to Home Page

Welcome to the GDPR assessment questions

THIS WEBSITE IS BASED IN

SSL SECURED SITE

WE ACCEPT THE FOLLOWING FORMS OF PAYMENT