GDPR Assessment
GDPR Assessment
GDPR Assessment is for organizations who need a third-party evaluation of the adequacy of their GDPR actions. The audit measures compliance, identifies gaps and demonstrates accountability.
The goals of the GDPR Assessment are:
- Assess the sufficiency of the measures taken to comply with the GDPR
- Get an overall view of the compliance level with the GDPR
- Prioritise possible corrective actions
- Demonstrate accountability
During the audit we assess e.g. processes, relevant documentation and organisation’s privacy awareness.
“Acting after being asked is compliance, acting without being asked is kindness”
– Ron KauFMAN
Phases & Results
Phase 0: Kick-off
- Informative course on the GDPR privacy law, we want to make these law write-ups easier to understand
- We want to raise awareness on privacy and cybersecurity within the board of directors, management and other key figures within the company or organization
- We shall demonstrate the AVG.Management Tool and all of its functions.
- A Basic privacy training
Phase 1: Making an inventory of:
- The key figures that play a part concerning privacy within the organization
- The suppliers, customers, partners, Clients, Data Processors, Data Controller, and recipients of this data
- Infrastructure, information systems (and the amount of Data protection by design & default)
- Business processes and data processing within the organization
- Personal data, the terms of storing this data, and legal bases
- Privacy policies and privacy statement
- Risks and threats
- Any needed Privacy Impact Assessments
- Any needed Data Protection Officers
- Cookie statement compared to the actual situation
- Any taken technical and organizational security measurements
- Inserting this data in the AVG.Management Tool
- Privacy related issues via professional guidance on location or remotely.
Phase 2: Analyses aided by:
- The current situation: what is available now partaking to privacy- and security means
- The steps needed to become GDPR compliant
- Researching Privacy by design and Privacy by default
- Checks on policies including but not limited to: Information security, data leaks and rights of the data subjects
- Behaviouralcontrol concerning privacy
- Risks and Business impacts
- Evaluation of taken technical and organizational security measurements
- Legal view concerning the processing agreements
- Analyses using the AVG.Management Tool
Phase 3: Action plan:
- Determining the scope of the action plan involving technical, organizational and legal measurements
- To discuss a specific roadmap and a PDCA-cycle
- Instructing key figures within your organization
- Create and/or edit the privacy statements
- Create and/or edit the cookie statements
- Generate processing agreements
- Create and/or edit the procedure on data leaks
- Create and/or edit the policies on information security management
- Creating a protocol on handling the rights of data subjects and data leaks
- Assigning a privacy officer, guard(s) and/or a data protection officer
- Privacy Impact Assessment
- Plan evaluation meetings according to the Plan-Do-Check-Act cycles
- Reporting in the shape of short presentations
