
Data Privacy Life Cycle Support
The Data Privacy Management Life-cycle

Data Privacy Assessment Areas

01. Governance
Have you included in your processes and procedure the GDPR requirements? Are the roles and responsibilities with DPO defined and applied?

05. Data Storage and deletion
Do you know where the data is actually stored? Have you produced mapping of data flows ? Have you identified automated processing of personal data via IT tools?

09. Data Controller, Outsourcing and Third Parties
Do you maintain a register of third parties from whom you are submitting personal data? Do you regularly audit your third parties?

02. Accountability
Have you produced / defined procedures to ensure your departments processing personal data respect Data Protection principles?

06. Privacy by design / by default
Is data deletion integrated in new projects conception? Is GDPR screening integrated in every new IT project procedure?

10. Data Protection Impact Assessment
Have you defined a template for Data Privacy Impact Assessment and to identify high risk data processing?

03. Training
Has IT personnel been trained about GDPR and Personal Data issues / requirements / duties? Are these trainings regular?

07. Security and incident Management
Has IT security of personal data been ensured via dedicated servers? Have you implemented secured email box for personal data transfers?

11. Data Transfer Outside EU or Third Parties
In case of data transfers to third parties, do you keep a backup of the data sent? What kind of encryption is used when the data is transferred?

04. Data Subject Rights
Have you informed the data subjects of their rights, the purposes for collection, processing and transfers for each data ?

08. Special Categories of personal data
Do you store any special categories of data? Do you have appropriate approach to safe-keep those data?

12. Processing for statistical purposes
Are procedures defined to anonymize or pseudonymize personal data used in statistical or scientific studies?