Ohh! very nice
8:22 a.m.
Your business has conducted an information audit to map data flows. | |
Your business has documented what personal data you hold, where it came from, who you share it with and what you do with it. | |
Your business has identified your lawful bases for processing and documented them ? | |
Your business has reviewed how you ask for and record consent ? | |
Your business has systems to record and manage ongoing consent. | |
If your business relies on consent to offer online services directly to children, you have systems in place to manage it. | |
Your business is currently registered with the Information Commissioner's Office. | |
Your business has provided privacy notices to individuals. | |
2.2 Communicate the processing of children’s personal data | |
Your business has a process to recognise and respond to individuals' requests to access their personal data. | |
Your business has processes to ensure that the personal data you hold remains accurate and up to date. | |
Your business has a process to securely dispose of personal data that is no longer required or where an individual has asked you to erase it. | |
Your business has procedures to respond to an individual’s request to restrict the processing of their personal data. | |
Your business has processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability. | |
Your business has procedures to handle an individual’s objection to the processing of their personal data. | |
Your business has identified whether any of your processing operations constitute automated decision making and have procedures in place to deal with the requirements. | |
Your business has an appropriate data protection policy. | |
Your business provides data protection awareness training for all staff. | |
Your business has a written contract with any data processors you use. | |
Your business manages information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively. | |
Your business has implemented appropriate technical and organisational measures to integrate data protection into your processing activities. | |
Your business understands when you must conduct a DPIA and has processes in place to action this. | |
Your business has a DPIA framework which links to your existing risk management and project management processes. | |
Your business has nominated a data protection lead or Data Protection Officer (DPO). | |
Decision makers and key people in your business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business. | |
Your business has an information security policy supported by appropriate security measures. | |
Your business ensures an adequate level of protection for any personal data processed by others on your behalf that is transferred outside the European Economic Area. | |
Your business has effective processes to identify, report, manage and resolve any personal data breaches. |
© 2019 The Document Warehouse UK Ltd