GDPR Screening
In this section, we provide answers to questions that are typically asked during a GDPR screening.
- Do you know how personal data is stored, processed, shared and used within your organization?
- Have you performed a data processing audit, identifying all the elements requiring modification within your current data processing activities?
- Do you keep a registry of all operations performed on personal data related to the following processes: collection, storage, use, sharing and destruction?
- Do you have an impact assessment process in place (one that will be applied and documented for each process that presents a risk)?
- Are you able to guarantee that the amount of personal data collected will be strictly limited to that which is necessary for the optimal use of any new product, service or application?
- Do you perform third-party security audits / due diligence checks on the companies you collaborate with?
- Have you appointed a Data Protection Officer?
- Have you updated all of your policies to include and meet GDPR regulations?
- Is DESelect GDPR compliant?
- Do you have a Data Protection Policy in place?
- Did you define your data retention rules?
- What are the data retention policies for DESelect?
- Will you secure personal data in transit through encryption, pseudonymisation and/or anonymisation rules?
- Will you secure personal data at rest through encryption, pseudonymisation and/or anonymisation rules?
- Are all your employees trained on GDPR Data Protection compliance?
- Will your organisation process and/or store all customer data within the EU?
- Do you have a subcontractor outside the EU?
- Are you using cloud services to process customer data? Are these GDPR compliant?
- Does your organisation have offices, servers,… outside the EU?
- Can data subjects easily access, rectify and erase their data?