5 Simple but Powerful Questions to Assess the GDPR Compliance of an Organization

Dr. Thomas Helbing

Not interested in lengthy and expensive GDPR audits? Think about the following five questions to easily get a first idea of an organization’s level of GDPR compliance:

  1. What data protection awareness measures have been taken in the last 12 months (e.g. online/classroom employee training, content, scope)?
  2. What is the content of the last two annual reports of the Data Protection Officer (DPO)/internal audit?
  3. What GDPR violations have been identified in the last 12 months and what sanctions have been imposed internally?
  4. What does the org chart of the data protection organization look like?
  5. What written documentation exists on the processes implemented to ensure GDPR compliance (e.g. SOPs, internal policies, instructions), in particular regarding: lawfulness of processing, deletion, data subject rights, data breaches, data processors, EU data exports, data protection impact assessment and data security?