- Assess the legal, organizational and technical aspects of your organization with easy-to-use interactive forms
- Legal: link measures taken to legal bases, manage processor contract compliance, and more
- Organizational: identify the procedures to be implemented regarding security incidents, personal data breach management and data subject requests (DSR)
- Technical: assess the technical security measures taken to address data processing risks, including those arising from data transfers
- For guidance on the management basics, use our templates to assess your organization's compliance level, whether or not you have a DPO
Describing an organization’s compliance level and identifying existing gaps and non-compliances is one of the first steps in working toward GDPR compliance. It requires a true diagnostic test in which the legal, organizational and technical aspects of the data processing performed by an organization are carefully analyzed.
The GDPR diagnostic test can be conducted at the same time as data mapping, or immediately afterward. It helps you determine your organization's maturity level in terms of personal data protection. It lays the foundations of your GDPR management by helping you establish a precise roadmap, identify the key compliance players (data controller, DPO, processor, third parties, supervisory authority, etc.), assign them tasks and, most importantly, establish a GDPR compliance schedule.
A GDPR diagnostic test is a fundamental step for protecting the personal data circulating in your organization.
A GDPR diagnostic test has three aspects:
- Legal: verify the legal basis (consent, contract, etc.) on which each personal data processing activity rests, the purposes for which it is carried out, and the level of contract compliance
- Organizational: review the internal procedures deployed to deal with security incidents, personal data breaches and data subject requests (exercise of individual rights)
- Technical: review the technical security measures implemented by the organization to respond effectively to data processing risks (leaks, hacking, etc.), especially when sensitive data is involved, and to ensure effective protection of personal data