Perform a privacy baseline measurement?

The European General Data Protection Regulation (GDPR) has implications for the governance and compliance of the organization. The severity of the sanctions is also a reason to place data protection high on the agenda of directors.

In order to meet the requirements of these laws and regulations, the organization will need to have insight into its own ‘organizational structure’, including the related parties with which contractual relationships exist.

The central question is: ‘Do I have a clear overview and insight into the risks and liabilities arising from the legislation for the protection of personal data and the degree of control of these risks?’

To obtain this insight, we offer to perform a privacy baseline measurement. The data protection baseline measurement is an exploratory study aimed at gaining insight into compliance with data protection laws and regulations. The investigation provides the responsible person, the Executive Board and the Supervisory Board with insight into the extent to which the risks are covered by measures and into the effective operation of those measures.

How can we help you?

Do you have questions about organizing, implementing or expanding a Privacy Baseline Measurement? Our service owners would be happy to discuss your needs, case and/or problem.


Download the factsheet ‘privacy baseline measurement’ here.

An organization must ensure that technical and organizational measures have been taken to cover the risks and that these measures work effectively. After all, if a measure is missing or has proven to be ineffective and this has led to a data leak, the organization must usually report this data leak to the Dutch Data Protection Authority (AP) and in a number of cases also to the data subject. If the organization is unable to identify a data breach itself – and notification is not made – it can be held accountable by the AP or one or more parties involved. This can lead to fines and claims.

Your partners in the chain also want to know to what extent your organization complies with the legislation. If your organization is a processor, the controller is obliged to check whether your organization complies with the GDPR.

The data protection baseline measurement also produces a document that you can hand over to your auditor. The auditor may use this document to support their own audit work, which allows you to reduce your audit costs.

The GDPR has an accountability obligation for companies and institutions. This obligation means that organizations must be able to demonstrate at any time that the measures to protect personal data actually work and that the provisions of the GDPR are being complied with.

The accountability obligation entails, among other things, that there must be an overview of and insight into the processing operations; that the data protection policy must be anchored in the organization and complied with; and that the effective functioning of information security must be demonstrated. In addition, the accountability obligation also covers the processing of personal data for which the organization has engaged external parties (processors and sub-processors).

The summary from the report of the privacy baseline measurement can be included in the Directors’ Report, as a result of which the organization complies with a governance obligation.

The research has a practical approach: together with you, a first step is taken towards sound housekeeping for the protection of personal data. During the research, available policy documents are assessed and interviews are held with employees and/or stakeholders. The insights obtained are compared against the requirements for the processing of personal data, in order to assess the extent to which your organization meets the requirements with regard to data protection. This is done on the basis of a framework of standards, which is derived from the laws and regulations relevant to the organization.

The investigation results in a report of findings and associated advice. This advice provides, among other things, an outline approach for your organization on how to take the next steps to raise data protection and the safeguarding of privacy to a higher level and to become compliant. We use a maturity model with 5 levels.

Activities during the research:

  • Establish a framework of standards tailored to the organization;
  • Take inventory of the most important processing operations;
  • Test against the standards framework: interviews, documentation and own research;
  • Prepare the report of findings, action plan and presentation; and
  • Coordination and unforeseen work.

The depth of the privacy baseline measurement and the detail of the report are determined by the scope of the investigation and the time available.

More about the privacy baseline measurement

Do you have questions or need an appointment?

We have been conducting privacy baseline measurements for many different clients for more than 20 years. We have experience in various sectors and the knowledge and skills to match. We work efficiently and effectively to serve the client as well as possible.

If you have any questions or would like to receive a non-binding offer, please do not hesitate to contact us. This can be done via +31 (0)70 – 392 22 09 or info@duthler.nl.