How to Comply with the New EU Data Protection Regulation
This check covers the key areas of personal data security in the proposed EU Data Protection Regulation. It is provided to help companies identify anticipated areas of non-compliance in advance of the Regulation coming into force.
1. Do your core business operations involve the regular and systematic monitoring of data subjects on a large scale? *

Data subjects are individuals who are identified or identifiable from data. For the purposes of this check, data refers to information which directly or indirectly identifies individuals. It includes, but is not limited to, payment details, customer records and healthcare information.

YES: You need to adopt the full requirements of this Regulation, including a named Data Protection Officer.

NO: If you process personal data, you will still need to comply with the vast majority of the Regulation, including the security requirements set out in Article 30.

2. Do you have a data protection policy which guides your employees in how to keep personal data secure? *

YES: Well done. Make sure that it is clearly communicated to your employees.

NO: You should adopt a data protection policy and then communicate it clearly to your employees.

3. Are your company laptops encrypted? *

YES: Well done. The personal data on them is safe, even if a laptop gets lost or stolen.

NO: You should secure personal data on laptops. Fines for unprotected data breaches will range up to €20 million or 4% of total worldwide annual turnover, whichever is higher.

4. Do you store personal data in the cloud? *

This could include customer data held in salesforce.com, on Dropbox, etc.

YES: You should ensure that data is encrypted at all times, including when it is in transit (e.g. while being uploaded).
Also be mindful that transferring data, including via the cloud, to countries outside the European Economic Area (EEA) is restricted under the Regulation.

NO: If you move to the cloud in the future, make sure that the ability to encrypt the data, both in the cloud and also when being transferred, is on your core requirements list.
Also be mindful that transferring data, including via the cloud, to countries outside the European Economic Area (EEA) is restricted under the Regulation.

 
5. Do you encrypt personal data sent by email? *

YES: Well done. Email is a common source of accidental leaks.

NO: Email is a common source of accidental leaks and you will need to adopt an email encryption solution. Fines for data breaches will range up to €20 million or 4% of total worldwide annual turnover, whichever is higher.

 
6. Do you have personal data on removable media? *

e.g. USB devices, CDs, DVDs, etc.

YES: You should make sure that the data is encrypted and can only be accessed by authorised users.

NO: If you do start holding data on these media in the future, you should ensure that it can be encrypted.

Thank you.

We can work with you to ensure that you are compliant with the new EU General Data Protection Regulation, and we can also support you with a complete training solution through our Digital Training Academy.