1.
Principles of Data Protection
How does your organization obtain consent for data collection and processing?
2.
Principles of Data Protection
How is data accuracy ensured within your organization?
3.
Principles of Data Protection
How is data security maintained during storage and transmission?
4.
Principles of Data Protection
How does your organization handle data breaches?
5.
Principles of Data Protection
How is data retention and deletion managed?
6.
Principles of Data Protection
How does your organization ensure that data is only collected for specified, explicit, and legitimate purposes?
7.
Principles of Data Protection
How does your organization minimize the collection and storage of personal data?
8.
Principles of Data Protection
How does your organization ensure that personal data is not kept longer than necessary?
9.
Rights of Data Subjects
How does your organization handle requests from individuals to access their personal data?
10.
Rights of Data Subjects
How does your organization handle requests from individuals to rectify inaccurate personal data?
11.
Rights of Data Subjects
How does your organization handle requests from individuals to erase their personal data?
12.
Rights of Data Subjects
How does your organization facilitate the portability of personal data upon request?
13.
Rights of Data Subjects
How does your organization handle requests from individuals to object to the processing of their personal data?
14.
Rights of Data Subjects
How does your organization handle requests from individuals to object to the processing of their personal data?
15.
Registration
Is your organization registered with the relevant data protection authority?
16.
Registration
How often does your organization update its registration details with the data protection authority?
17.
Cross-Border Transfer of Data
Does your organization transfer data internationally?
18.
Cross-Border Transfer of Data
How does your organization ensure compliance with data protection regulations when transferring data internationally?
19.
Cross-Border Transfer of Data
Is data transferred to countries with adequate data protection regulations?
20.
Documentation
Does your organization have comprehensive privacy policies and notices?
21.
Documentation
Does your organization maintain records of its data processing activities?
22.
Documentation
Does your organization conduct DPIAs for high-risk data processing activities?
23.
Documentation
Does your organization have documented procedures for handling data subject rights requests?
24.
Documentation
Are there documented mechanisms in place for ensuring compliance with data protection regulations when transferring data internationally?
25.
Documentation
Does your organization have documented training and awareness programs on data protection for employees?
26.
Privacy by Design & Default
How does your organization integrate privacy considerations into the design and development of products, services, and systems?
27.
Privacy by Design & Default
Does your organization conduct Privacy Impact Assessments (PIAs) for new projects or initiatives?
28.
Privacy by Design & Default
How does your organization empower users to control their personal data?
29.
Privacy by Design & Default
How does your organization ensure that privacy-enhancing settings are the default option for users?