GDPR Assessment

GDPR Assessment is for organizations that need a third-party evaluation of the adequacy of their GDPR measures. The audit measures compliance, identifies gaps and demonstrates accountability.

The goals of the GDPR Assessment are:

  • Assess the sufficiency of the measures taken to comply with the GDPR
  • Get an overall view of the level of compliance with the GDPR
  • Prioritise possible corrective actions
  • Demonstrate accountability

During the audit we assess, for example, processes, relevant documentation and the organization’s privacy awareness.

“Acting after being asked is compliance, acting without being asked is kindness”
– Ron Kaufman

Phases & Results

Phase 0: Kick-off

  • An informative course on the GDPR privacy law; we aim to make these legal write-ups easier to understand
  • Raising awareness of privacy and cybersecurity within the board of directors, management and other key figures within the company or organization
  • A demonstration of the AVG.Management Tool and all of its functions
  • Basic privacy training

Phase 1: Making an inventory of:

  • The key figures involved in privacy within the organization
  • The suppliers, customers, partners, clients, data processors, data controllers and recipients of the data
  • Infrastructure and information systems (and the degree of data protection by design and by default)
  • Business processes and data processing within the organization
  • Personal data, its retention periods and the legal bases for processing
  • Privacy policies and privacy statement
  • Risks and threats
  • Any required Privacy Impact Assessments
  • Any required Data Protection Officers
  • The cookie statement compared with the actual situation
  • Technical and organizational security measures already taken
  • Entering this data into the AVG.Management Tool
  • Privacy-related issues, addressed through professional guidance on site or remotely

Phase 2: Analysis, covering:

  • The current situation: which privacy and security measures are already in place
  • The steps needed to become GDPR compliant
  • Research into privacy by design and privacy by default
  • Checks on policies, including but not limited to information security, data breaches and the rights of data subjects
  • Behavioural controls relating to privacy
  • Risks and business impacts
  • Evaluation of the technical and organizational security measures taken
  • A legal review of the data processing agreements
  • Analysis using the AVG.Management Tool

Phase 3: Action plan:

  • Determining the scope of the action plan, covering technical, organizational and legal measures
  • Discussing a specific roadmap and a PDCA (Plan-Do-Check-Act) cycle
  • Instructing key figures within your organization
  • Creating and/or editing the privacy statements
  • Creating and/or editing the cookie statements
  • Generating data processing agreements
  • Creating and/or editing the data breach procedure
  • Creating and/or editing the information security management policies
  • Creating a protocol for handling the rights of data subjects and data breaches
  • Assigning a privacy officer, guard(s) and/or a data protection officer
  • Carrying out a Privacy Impact Assessment
  • Planning evaluation meetings according to the Plan-Do-Check-Act cycle
  • Reporting in the form of short presentations