| Order | Controls | Framework | Domain | Response |
|---|---|---|---|---|
| 0 | Q1 Your business has conducted an information audit to map personal data flows. | GDPR | Lawfulness, fairness and transparency | Partially implemented |
| 1 | Q2 Your business has documented what personal data you hold, where it came from, who you share it with and what you do with it. | GDPR | Lawfulness, fairness and transparency | Partially implemented |
| 2 | Q3 Your business has identified your lawful bases for processing and documented them. | GDPR | Lawfulness, fairness and transparency | Partially implemented |
| 3 | Q4 Your business has reviewed how you ask for and record consent. | GDPR | Lawfulness, fairness and transparency | Not yet implemented |
| 4 | Q5 Your business has systems to record and manage ongoing consent. | GDPR | Lawfulness, fairness and transparency | Not yet implemented |
| 5 | Q6 If your business relies on consent to offer online services directly to children, you have systems in place to manage it. | GDPR | Lawfulness, fairness and transparency | Not applicable |
| 6 | Q7 If you may be required to process data to protect the vital interests of an individual, your business has clearly documented the circumstances where it will be relevant. Your business documents your justification for relying on this basis and informs individuals where necessary. | GDPR | Lawfulness, fairness and transparency | Not applicable |
| 7 | Q8 If you are relying on legitimate interests as the lawful basis for processing, your business has applied the three part test and can demonstrate you have fully considered and protected individual’s rights and interests. | GDPR | Lawfulness, fairness and transparency | Partially implemented |
| 8 | Q9 Your business is currently registered with the Information Commissioner's Office. | GDPR | Lawfulness, fairness and transparency | Successfully implemented |
| 9 | Q10 Your business has provided privacy information to individuals. | GDPR | Individuals' rights | Successfully implemented |
| 10 | Q11 If your business offers online services directly to children, you communicate privacy information in a way that a child will understand. | GDPR | Individuals' rights | Not applicable |
| 11 | Q12 Your business has a process to recognise and respond to individuals' requests to access their personal data. | GDPR | Individuals' rights | Partially implemented |
| 12 | Q13 Your business has processes to ensure that the personal data you hold remains accurate and up to date. | GDPR | Individuals' rights | Partially implemented |
| 13 | Q14 Your business has a process to securely dispose of personal data that is no longer required or where an individual has asked you to erase it. | GDPR | Individuals' rights | Partially implemented |
| 14 | Q15 Your business has procedures to respond to an individual’s request to restrict the processing of their personal data. | GDPR | Individuals' rights | Partially implemented |
| 15 | Q16 Your business has processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability. | GDPR | Individuals' rights | Not yet implemented |
| 16 | Q17 Your business has procedures to handle an individual’s objection to the processing of their personal data. | GDPR | Individuals' rights | Partially implemented |
| 17 | Q18 Your business has identified whether any of your processing operations constitute automated decision making and have procedures in place to deal with the requirements. | GDPR | Individuals' rights | Partially implemented |
| 18 | Q19 Your business has an appropriate data protection policy. | GDPR | Accountability and Governance | Successfully implemented |
| 19 | Q20 Your business monitors your own compliance with data protection policies and regularly reviews the effectiveness of data handling and security controls. | GDPR | Accountability and Governance | Successfully implemented |
| 20 | Q21 Your business provides data protection awareness training for all staff. | GDPR | Accountability and Governance | Successfully implemented |
| 21 | Q22 Your business has a written contract with any processors you use. | GDPR | Accountability and Governance | Not yet implemented |
| 22 | Q23 Your business manages information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively. | GDPR | Accountability and Governance | Successfully implemented |
| 23 | Q24 Your business has implemented appropriate technical and organisational measures to integrate data protection into your processing activities. | GDPR | Accountability and Governance | Not yet implemented |
| 24 | Q25 Your business understands when you must conduct a DPIA and has processes in place to action this. | GDPR | Accountability and Governance | Partially implemented |
| 25 | Q26 Your business has a DPIA framework which links to your existing risk management and project management processes. | GDPR | Accountability and Governance | Partially implemented |
| 26 | Q27 Your business has nominated a data protection lead or Data Protection Officer (DPO). | GDPR | Accountability and Governance | Successfully implemented |
| 27 | Q28 Decision makers and key people in your business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business. | GDPR | Accountability and Governance | Partially implemented |
| 28 | Q29 Your business has an information security policy supported by appropriate security measures. | GDPR | Data security, international transfers and breaches | Successfully implemented |
| 29 | Q30 Your business has effective processes to identify, report, manage and resolve any personal data breaches. | GDPR | Data security, international transfers and breaches | Partially implemented |
| 30 | Q31 Your business ensures an adequate level of protection for any personal data processed by others on your behalf that is transferred outside the European Economic Area. | GDPR | Data security, international transfers and breaches | Not applicable |