The GDPR sets a standard for how we handle personal data, and compliant practises are those which meet that standard. You need to know which of your practises are up to snuff, and which are not.
A self-assessment does two things: it allows you to gauge where you are at the moment, how compliant you are already; and it shows you which areas aren’t compliant, and therefore need to improve.
You’ll find the self-assessment tool at the end of this post, ready for you to download.
The idea is, you’ll identify those areas which need improvement, and start taking some practical steps towards better practise.
Common sense, right?
How does it work?
The Self-Assessment is divided into sections: Policy & Process, Records Management, etc. Under each section there are a number of different areas. There’s a description and list of tasks to complete in each area.
As you go through, ask yourself: have we completed all the tasks? Do we have all the things described? Are they of a good standard? Does everyone in the organisation know about this, and are they using any policies or processes proactively?
You give yourself a score for each task, and those scores tell you which areas need more work.
Give yourself a 2 if you have completed all the tasks on the list to a reasonable standard, and everyone in your organisation knows about that area / is using any policies or processes proactively. In other words, you’re compliant.
A score of 1 would mean you have completed some of tasks in a particular area, perhaps not all, or perhaps not to a very high standard. It’s likely that not everyone in your organisation knows about that area or work, maybe they aren’t using any policies or processes properly. You still have some work to do.
A score of 0 would mean you haven’t completed most, or any, or the tasks in a particular area. There’s a lot of work to be done.
Have a look at the Self-Assessment, and give it a go. If you get stuck, check out the posts for different areas or Contact Me.