GDPR Quick Self Scan

Organization:

Website:

Your name:

Your e-mail address *

Your telephone number:


A.1: Identify personal data *

Yes / No / TBA
A1.0 Does the organization know all information systems and locations where personal data is stored, on-premise and in the cloud (private/public)?
A1.1 Does the organization have a retention policy for personal data?
A1.2 Does the organization have technology to search for all information systems and locations where personal data is stored?
To Be Answered [TBA] - Please specify this further for LogicQ Consulting

A.2: Data classification *

Yes / No / TBA
A2.0 Did the organization categorize the types (confidential, public) of personal data it uses?
A2.1 Does the organization have technology to assist with data classification?
A2.2 Is there a documented legal justification for using special categories of personal data (social security number, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health, sexual orientation)?

A.3: Use of personal data *

Yes / No / TBA
A3.0 Does the organization have a complete register of how and where personal data is used?
A3.1 Does the organization have technology in place to automate updates to the registration?

A.4: Privacy Notices *

Yes / No / TBA
A4.0 Does the organization provide data subjects, at first point of contact, with privacy notices that describe how their personal data is used?

A.5: Consent *

Yes / No / TBA
A5.0 Can the organization obtain consent from data subjects prior to using their personal data?

A.6: Communication *

Yes / No / TBA
A6.0 Does the organization educate employees on privacy matters, and do they know how to act in the event of a privacy incident?
A6.1 Does the organization have a published way for data subjects to communicate with the organization on privacy matters or requests, such as erasure and objections?

A.7: Erase personal data *

Yes / No / TBA
A7.0 Can the organization locate and erase personal data on request?
A7.1 Does the organization have technology in place to automate the requested data erasure?

A.8: Provide personal data *

Yes / No / TBA
A8.0 Can the organization locate personal data and provide the data subject with a copy of it in a common, machine-readable format, such as an .xls or .xml file?
A8.1 Does the organization have technology in place to automate the provision of requested data?

A.9: Data Protection Officer *

Yes / No / TBA
A9.0 Is there a person appointed as the Data Protection Officer (DPO)?
A9.1 Is there a GDPR managed service, including a part-time Data Protection Officer (DPO)?

C.1: Privacy by design and default *

Yes / No / TBA
C1.0 Does the organization develop its processes, organizational structure and technology with privacy as a key component?
C1.1 Does the organization have a policy to provide access to personal data using the principle of least privilege?

C.2: Confidentiality, Integrity, and Availability *

Yes / No / TBA
C2.0 Does the organization maintain a risk inventory to identify the process, organizational structure and technology measures needed to protect the confidentiality, integrity, and availability (CIA) of personal data?

C.3: Secure IT-Infrastructure in place for: *

Yes / No / TBA
C3.0 Endpoint Protection Platform (anti-virus, anti-malware, blocking, encryption)
C3.1 Enterprise Mobility Management (device and application management)
C3.2 Application Security (vulnerabilities, behaviour, access)
C3.3 Data Loss Prevention (blocking, encryption)
C3.4 Next Generation Firewall (IP address, port, protocol, user, application)
C3.5 Secure Email Gateway (email, virus, spam, content, black/white listing)
C3.6 Secure Web Gateway (website, URL, content, black/white listing)
C3.7 Intrusion Prevention System (network traffic, threat detection, behavior analysis)
C3.8 Identity & Access Management (authentication, authorization, auditing)
C3.9 Web Application Firewall (OWASP, SQL injection, cross-site scripting)
C3.10 Backup & Recovery (fileservers, databases, endpoint)
C3.11 Security tooling (vendor specific, management, monitoring, logging)
C3.12 Security Information & Event Management (vendor independent, monitoring, logging, correlation)

C.4: Detect, and respond to data breaches *

Yes / No / TBA
C4.0 Does the organization detect breaches of personal data?
C4.1 Does the organization register detailed records of data breaches?

C.5: Testing of security measures *

Yes / No / TBA
C5.0 Does the organization perform testing of its security measures?
C5.1 Does the organization have technology in place to regularly test, assess, and evaluate its technical security measures?

R.1: Reporting *

Yes / No / TBA
R1.0 Can the organization report on all activities regarding personal data, such as the justification for use and which types of data are used by whom?
R1.1 Can the organization demonstrate its compliance with relevant codes of conduct and legislation?

R.2: Flows of personal data into and out of the EU *

Yes / No / TBA
R2.0 Does the organization have documentation of ongoing personal data transfers into and out of the EU?
R2.1 Does the organization have technology in place to track and record geographical transfers of personal data, including to or from which country the data was transferred?

R.3: Flows of personal data to third-party service providers *

Yes / No / TBA
R3.0 Does the organization have documentation of processes that transmit personal data to third-party service providers?
R3.1 Does the organization embed personal data protection requirements within contractual agreements with third-party service providers?

R.4: Privacy Impact Assessment *

Yes / No / TBA
R4.0 Does the organization perform a Privacy Impact Assessment (PIA) whenever it identifies high-risk personal data processing activities?