
Would you like to have a privacy baseline measurement carried out?

The European General Data Protection Regulation (GDPR) has implications for the governance and compliance of the organization. The size of the sanctions is also a reason to place data protection high on the agenda of directors. To meet the requirements of these laws and regulations, the organization needs insight into its own ‘organizational structure’, including the related parties with which it has contractual relationships.

The central question is, “Do I have a clear overview and understanding of the liability and cost risks arising from personal data protection legislation and the degree to which these risks are controlled?”

What is the added value?

Accountability Obligation

The GDPR has an accountability obligation for companies and institutions. This obligation means that organizations must be able to demonstrate at any time that the measures to protect personal data actually work and that the provisions of the GDPR are being complied with.

The accountability obligation entails, among other things, that there must be an overview of and insight into the processing operations, that the data protection policy must be anchored in the organization and complied with, and that the effective functioning of information security must be demonstrated. The accountability obligation also covers the processing of personal data for which the organization has engaged external parties (processors and sub-processors).

MYOBI, with the help of Duthler Associates, developed accountability for compliance with the TTP policy, as part of the Code of Conduct, in the form of a privacy baseline measurement; see fulfillment of (legal) accountability.

What is our approach?

The study has a practical approach: together with you, we inventory the business activities and compile a company-specific standards framework from generally accepted standards. During the research, available policy documents are assessed and interviews are held with employees and/or stakeholders. The insights obtained are compared to the requirements for the processing of personal data in order to assess the extent to which your organization meets the data protection requirements. This is done on the basis of a framework of standards, which is based on the laws and regulations relevant to the organization.

The investigation results in a report of findings and associated advice. This advice provides, among other things, a broad approach for your organization to the next steps for taking data protection and the safeguarding of privacy to a higher level and becoming compliant. We use a maturity model with 5 levels.

Activities during the research:

  • Establish standards framework focused on the organization’s business activities;
  • Inventory of the key processes by which business activities are organized;
  • Testing against the standards framework: interviews, documentation and own research;
  • Prepare report of findings, action plan and presentation; and
  • Coordination and unforeseen work.

The depth of the data protection baseline and the detail of the report are determined by the desired scope of the study and the time available.
