​

• Gap Assessment

  • The Gap Assessment is a detailed set of questions based on the regulation, and will highlight gaps between your current data protection practices and the requirements under GDPR

  • The questionnaire attempts to collect information about the current Data Protection practices of each business unit across your company, in order to assess the regulatory and reputational risks of non-compliance with the EU General Data Protection Regulation ('GDPR')

  • The output will highlight gaps between your current data protection practices and the requirements under GDPR

​​

 

• 2018 Data Protection Act Questionnaire

  • This questionnaire specifically looks at the GDPR and can be used to quickly find out how compliant your company is to the regulation.

​​

• Third Party Information Security GDPR Questionnaire

  • When you have reliance on at least one 3rd party for personal data processing, then this document can be shared with them, for them to complete and provide evidence of their compliance. As part of the GDPR, if you are controlling personal data, and sub-contract to a 3rd party for data processing, then you must be aware of their data protection capabilities.

​​

• Data Privacy Impact Assessment for Business Functions

  • This questionnaire is for internal projects or functions, in order to demonstrate GDPR compliance. The document is written in alignment to the GDPR articles and can be used, following the Gap Assessment, to cross-reference specific requirements and detail for remediation planning

​​

• Scenario Exercise Data Breach

  • Exercises should be run on a regular basis, and target specific key risks which have been identified as required for mitigation. This document will help you design, manage and report on data breach exercises

​​

• Information Asset Register

  • An analysis of where your personally identifiable data resides within your organisation

​​

• Data Protection Policy

  • This is an outline policy which can be adapted for any organisation

 

• Subject Access Request Policy

  • This policy contains the detail which can be followed during a subject access request

 

• Data Flow Mapping Approach

  • This shows how you should carry our data mapping

 

• Data Mapping Tool

  • The data map will determine what personal data your organisation holds, where personal data resides within the organisations day-to-day business and where DPIAs may need to be performed

 

• Identity Proofing and Verification of an Individual

  • In circumstances where Subject Access Requests or Data Subject Rights information is to be released, the identity of the data subject should be established, in accordance with recital 64 and article 12.6. This document explains how to identify an individual, assisting you with safeguarding the data and your reputation