Akkade - guiding your business to compliance - Privacy Health Check Survey

Your current position towards the GDPR

To establish a base-line it may be necessary to assess current awareness and compliance with the GDPR. It will provide us a good starting point for moving your organisation to compliance with the GDPR by exploring the needs that occur and to consider existing policies and procedures. This is not intended as an in-depth analysis but as a reference of your organisation to date.
Most of the time you will need to ask various departments of your organisation for responses.

Senior management awareness

Is there a regular discussion on data protection on your management board? YesNo Has GDPR been recognised as a challenge to the business? YesNo Is there awareness creation towards the employees in your organisation? YesNo

Policies & Procedures

Not in place: the controle mechanisms are not in place
Initial: the control mechanisms are controlled ad hoc
Standard: the control mechanisms are documented
Defined: the control mechanisms are well documented, communicated and understood
Managed: the control mechanisms are defined & being measured
Optimalized: the control mechanisms are acively measured, evaluated and optimalized

Are proper information security policies and procedures installed? Not in placeInitialStandardDefinedManagedOptimalized Are proper data protection policies and procedures installed? Not in placeInitialStandardDefinedManagedOptimalized Are there formal mechanisms in place to identify breaches and handle incidents? Not in placeInitialStandardDefinedManagedOptimalized Are third parties using the personal data? Yes, from EU countriesYes, from non-EU countriesNo Do you have proper contracts with those third parties? YesNo

New projects and initiatives

Is "Privacy by design" implemented as a standard? * YesNo Is there a review procedure during development, testing and delivery of the project? YesNo Is a Data Privacy Impact Assessment conducted when necessary? YesNo

Personal data

Personal data is defined in the GDPR as any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Personal Data

From whom is the personal data processed? EmployeesCustomersSuppliersChildrenOther Why is personal data processed? Employee administrationCustomer administrationLegal obligationMonitoringMarketingProfilingServices to third partiesOther Is there a clear and accessible processing information given to those individuals? YesNoOther Which reasons for processing of this personal data is appropriate in your organisation? Consent of data subjectNecessary for the performance of a contract Which data is collected of those persons? YesNo What is the source of the data? YesNo

Data Protection Management

Senior management awareness

Is a data protection officer appointed in your organisation? YesNo Has your data protection officer another role as well? ITLegalBusinessother Is your data protection officer an internal or external resource? InternalExternal Has the data protection officer the sufficient power to operate? YesNo Can the data protection officer regularly report directly to management? YesNo

Contact info

We need some information to contact you with the results

Your name Your E-mail

I agree with the Storage & processing of my data