5 Simple but Powerful Questions to Assess the GDPR Compliance of an Organization

Not interested in lengthy and expensive GDPR audits? Think about the following five questions to easily get a first idea of an organization’s level of GDPR compliance:

1. What data protection awareness measures have been taken in the last 12 months (e.g. online/classroom employee trainings, content, scope)?
2. What is the content of the last two annual reports of the Data Protection Officer (DPO)/internal audit?
3. What GDPR violations have been identified in the last 12 months and what sanctions have internally been imposed?
4. How does the org-chart of the data protection organization look like?
5. What written documentation on the processes implemented to ensure GDPR compliance exist (e.g. SOPs, internal policies, instructions), in particular regarding: lawfulness of processing, deletion, data subject rights, data breaches, data processors, EU data exports, data protection impact assessment and data security?