* 1. Have all staff had GDPR awareness training?

* 2. Can we describe our data-collection practices as open, transparent and up-front?

* 3. Are we clear about the purpose (or purposes) for which we keep personal information?

* 4. Are there defined rules about the use and disclosure of information?

* 5. Are our computers and our databases password-protected and encrypted where appropriate?

* 6. If an individual asked us to justify every piece of information we hold about him or her, could we do so?

* 7. Do we have a process for deleting or destroying archived data within a specific timeframe?

* 8. Are work-related emails only accessed in a secure office environment (not on a mobile or laptop)?

* 9. Are all portable devices secured with passwords and encryption?

* 10. Do we have the habit of holding on to documents with client details "JUST IN CASE"?
