Data Protection compliance quick scan

If you process personal data, you have to comply with the (national implementations of the) data protection directive. Does your organization meet all the demands set out in the directive? The following yes-no questions give you insight into your level of compliance.

Do you process data only for specified purposes?

Do you use the data only for these purposes?

Do you only process data that is necessary for the purposes defined?

Have you notified the national Data Protection Authority or the data protection officer within your organization of the processing of personal data?

Can your processing be based on one of the following criteria?

  • You have the unambiguous consent of the data subject

  • The data are necessary for the performance of a contract you have with the data subject

  • There is a legal obligation requiring you to process the data (for instance, the Internal Revenue Service requires the recording of the data)

  • The data are necessary for the protection of a vital interest of the data subject (for instance, in the case of processing the data of a victim of a serious accident)

  • The data are necessary for the adequate performance of your public task

  • You have a legitimate interest that outweighs the privacy interest of the data subject

Have you implemented measures to ensure the quality of the personal data?

Have you implemented measures to secure the data?

Do you inform the data subjects of the fact that you are processing their data?

Do you provide the data subjects with access to their data, upon request?

Do you provide the data subjects with the opportunity to rectify, alter or erase their data?

Do you process, contrary to the prohibition to do so, special categories of personal data (among others: race, sexual preference, health or religion)?

Do you transfer data to third parties outside of the European Economic Area without an adequate level of privacy protection and without an export permit?