Title Page
- Name of Organization
- Conducted on
- Data Controller
- Location
Lawful basis and transparency
- Conducted an information audit to determine what personal data you process and who has access to it
- Have a legal justification for each data processing activity (refer to Article 6)
- Provided clear information about data processing and its legal justification in the organization's privacy policy
Data Security
- Follows the principles of "data protection by design and by default"
- Implements technical safeguards such as encryption, pseudonymisation and anonymisation
- Created an internal policy for team members that builds awareness of data protection (e.g., email security, passwords, two-factor authentication, device encryption and VPNs)
- Have a data protection impact assessment scheduled and a process in place to carry it out
- Have a process in place to notify the supervisory authority and affected data subjects in the event of a data breach
Accountability and governance
- Appointed personnel to ensure GDPR compliance across the organization
- Signed data processing agreements between the organization and any third-party services that handle personal data on your behalf
- Appointed a Data Protection Officer (if required)
Privacy rights
- It's easy for customers to request and receive all the information you hold about them
- It's easy for customers to correct or update inaccurate or incomplete information
- It's easy for customers to request that their personal data be deleted
- It's easy for customers to ask you to stop processing their data
Completion
- Data Controller's Signature