- Assess your compliance with the GDPR using a simple, guided, step-by-step questionnaire
- Add actions to be taken over time to build your overall action plan
- Update the results as your compliance progresses
- Cover all the legal, organisational and technical aspects that need to be assessed in your organisation, using interactive and intuitive forms based on pre-recorded templates
- On an organisational level, define the procedures to be implemented, such as managing security incidents, personal data breaches, and requests from data subjects
- On a technical level, assess the level of technical security measures in place to address the potential risks associated with particular data processing operations, such as data transfers
Identifying how compliant a company is with GDPR, and where the gaps are, is one of the first steps to meeting the General Data Protection Regulation requirements. That means analysing the legal, organisational, and technical aspects of a company’s data processing activities.
Whether performed directly after or at the same time as the data mapping, the GDPR audit enables you to define the maturity of your company regarding personal data protection. Furthermore, it allows you to specify the steps of your GDPR governance by establishing a clear roadmap, defining the compliance actors (data controller, DPO, processor, providers, etc.), assigning tasks to them, and especially scheduling a GDPR compliance plan.
It is, therefore, an essential first step to ensure the protection of personal data used in your company.
A GDPR assessment has 3 main phases:
- Legal: verifying the legal basis (consent, contract, etc.) for personal data processing and its purposes, as well as the compliance level of contracts.
- Organisational: reviewing the internal processes deployed to respond to security incidents, data breaches, and data subjects’ rights requests.
- Technical: reviewing the technical security measures implemented to adequately deal with risks arising from data processing (leakage, hacking, etc.), especially when processing sensitive data, and to effectively ensure the protection of personal data.