10 STEPS TO A MORE SECURE HOTEL

1. Data Processing Registry Mapped and Inventorised

Have you identified and described business processes involving personal data?

2. Assessments Completed and Documented

Have you completed and documented compliance assessments?

3. Role Assignments Defined

Have you defined and assigned data processing roles? (Data Controller(s), Data Processor(s); DPO; Data Steward; etc.)

4. Legacy Data Risk Assessed and Cessation of Unlawful Processes Documented

Have you identified legacy data that you should not or may not process any longer?

5. Policies Assessed and Published

Have you defined and published data-related policies? (i.e. Privacy, Code of Conduct, Acceptable Use)

6. Security Allocated to the Professionals

Have you deployed a layered approach to security, utilizing multiple lines of defense to repel potential attacks?

7. SARs, Breach and Purge Procedures Formulated

Have you formulated hygiene and response procedures?

8. Agreements (DPA, etc.) Assessed

Have you obtained relevant data processing agreements?

9. Rules of Email Use Formulated and Documented

Have you established digital communications procedures and rules of use?

10. Training & Awareness Program Conducted and Documented

Have you informed employees and conducted a data protection awareness training program?