Perform a privacy baseline measurement?

The European General Data Protection Regulation (GDPR) has implications for the governance and compliance of the organization. The level of the sanctions is also a reason to place data protection and safeguarding privacy high on the agenda of directors.

In order to meet the requirements of these laws and regulations, the organization will need to have insight into its own ‘organizational structure’, including the related parties with which contractual relationships exist.

The central question is: ‘Do I have a clear overview and insight into the risks and liabilities arising from privacy legislation and the degree of control of these risks?’

To obtain this insight, we offer to perform the privacy baseline measurement. The privacy baseline measurement is an exploratory study aimed at gaining insight into compliance with laws and regulations in the field of data protection and privacy. The investigation provides the responsible person, the Executive Board and the Supervisory Board with insight into the extent to which the risks are covered by measures and into the effective operation of these measures.

How can we help you?

Do you have questions about organizing, implementing or expanding a Privacy Baseline Measurement? Our service owners would be happy to discuss your needs, case and/or problem.

An organization must ensure that technical and organizational measures have been taken to cover the risks and that these measures work effectively. After all, if a measure is missing or has proven to be ineffective and this has led to a data breach, the organization must report this data breach to the Dutch Data Protection Authority (DPA) and in a number of cases also to the data subject. If the organization is unable to identify a data breach itself – and notification is not forthcoming – it can be held accountable for this by the DPA or one or more data subjects. This can lead to fines and claims.

Your partners in the chain also want to know to what extent your organization complies with the legislation. If your organization is a processor, the controller is obliged to check whether your organization complies with the GDPR.

The privacy baseline measurement also provides a document that you can hand over to your accountant. This auditor may use the document to support their own audit work, which allows you to reduce your audit costs.

The GDPR has an accountability obligation for companies and institutions. This obligation means that organizations must be able to demonstrate at any time that the measures to protect personal data actually work and that the provisions of the GDPR are being complied with.

The accountability obligation entails, among other things, that there must be an overview and insight into the processing operations, that the data protection policy must be anchored in the organization and that it is complied with and that the effective functioning of information security must be demonstrated. In addition, the accountability obligation also relates to the processing of personal data for which the organization has engaged external parties (processors and sub-processors).

The summary from the report of the privacy baseline measurement can be included in the Directors’ Report, as a result of which the organization complies with a governance obligation.

The research has a practical approach: together with you, a first step is taken towards healthy privacy management. During the research, available policy documents are assessed and interviews are held with employees and/or stakeholders. The insights obtained in this way are compared with the requirements set for the processing of personal data, yielding an assessment of the extent to which your organization meets the requirements with regard to data protection and privacy. This is done on the basis of a privacy standards framework, which is based on the legislation and regulations relevant to the organization.

The investigation results in a report of findings and associated advice. This advice provides, among other things, a high-level approach for your organization on how to take the next steps to bring data protection and the safeguarding of privacy to a higher level and to become compliant. We use a maturity model with 5 levels.

Activities during the research:

  • Establish privacy standards framework aimed at the organization;
  • Inventory of the most important processing operations;
  • Checking against the privacy standards framework: interviews, documentation and own research;
  • Prepare report of findings, action plan and presentation; and
  • Coordination and unforeseen work.

The depth of the privacy baseline measurement and the detail of the report are determined by the scope of the investigation and the time available.

Do you have questions or need an appointment?

We have been supporting and conducting privacy baseline measurements for many different clients for more than 20 years. We have experience in various sectors and the knowledge and skills that go with it. We work efficiently and effectively to serve the client as well as possible.

If you have any questions or would like to receive a non-binding offer, please do not hesitate to contact us. This can be done via +31 (0)70 – 392 22 09 or info@duthler.nl.