Question Title

* 1. Do you have the ability to identify breaches when they occur, including personal data breaches under GDPR?

Question Title

* 2. If you suffer a data breach. Do you have a breach response plan in place?

Question Title

* 3. Does your plan consider the risks associated with the personal data breaches?

The personal data breach response plan needs to account for risk, to who we communicate and whether we communicate in the first place depends on the risk.

Question Title

* 4. Do you know how much personal data you process, and are you aware of any special categories this data may fall into?

Special categories include:
  • Racial or ethnic origin
  • Political opinions
  • Religious beliefs or other beliefs of a similar nature
  • Trade union membership
  • Physical or mental health or condition
  • Sex life and sexual orientation
  • Genetic data and biometric data

Question Title

* 5. In the event of a breach, could you identify how many data records may be affected and the nature of that data?

The nature and volume of the data breach are critical in understanding the risks associated with the breach and what are your obligations under GDPR.

Question Title

* 6. Are you aware of all your data breach risks and do you know what impact a breach would have on both your business and its data subjects?
  • Financial impact 
  • Reputational impact

Question Title

* 7. Do all staff involved in processing personal data receive data protection training regularly – at least every two years?

Question Title

* 8. Are all staff aware of the reporting procedure to follow if they discover (or even suspect) a potentially damaging data security incident?

Do you have the internal competence among staff to assess personal data breaches adequately? 
The GDPR requirements can be hard to interpret, which requires knowledge and skills.

Question Title

* 9. Do you follow data security best practice as proposed by leading standards (e.g. the PCI DSS or ISO 27001)?

Do you know that these standards contain data breach response components? They can be leveraged to build your personal data breach plan and be integrated easily? 
They also provide an appropriate  information security framework for risk. 

Question Title

* 10. Do you have specific measures in place to address any data breaches that occur in order to limit any further damage?

GDPR requires organisations to not only prevent and identify breaches but to be able to mitigate the impact once they take place.

Question Title

* 11. The GDPR mandates that certain personal data breaches must be reported to the Supervisory Authority within 72 hours of discovery. Are you confident you can meet this deadline? 


Question Title

* 12. In the event of a breach, do you have a communication plan for informing all relevant parties affected by the incident?

Under the GDPR some personal data breaches have to be communicated to data subjects (aside from the notification to the Supervisory Authority)

Question Title

* 13. Have you appointed a DPO (data protection officer) or assigned responsibility for data protection?

Someone has to be responsible for data breach reporting and/or IS managers can easily expand their remit to cover personal data breaches.

Question Title

* 14. User details

Your score will be available on the final page and you will receive an email with all the details you need in our Survival guide.
We will be in touch with more information on the GDPR and ways to successfully manage your implementation project.

Please note your answers will not be shared with any third parties. You can view our Privacy Notice here.

Question Title

* 15. Your details

0 of 16 answered
 

T