[Akkade.be] GDPR Survey
General Data Protection Regulation survey
Email address *
Part 1: Your current position towards the GDPR
To establish a base-line it may be necessary to assess current awareness and compliance with the GDPR. It will provide us a good starting point for moving your organisation to compliance with the GDPR by exploring the needs that occur and to consider existing policies and procedures. This is not intended as an in-depth analysis but as a reference of your organisation to date.

Most of the time you will need to ask various departments of your organisation for responses.

A. Senior management awareness
Is there a regular discussion on data protection on your management board? *
Has GDPR been recognised as a challenge to the business? *
Is there awareness creation towards the employees in your organisation? *
B. Policies & Procedures
Are proper information security policies and procedures installed? *
Are proper data protection policies and procedures installed? *
Are there formal mechanisms in place to identify breaches and handle incidents? *
Are third parties using the personal data? *
Do you have proper contracts with those third parties? *
C. New projects and initiatives
Is "Privacy by design" implemented as a standard? *
Is there a review procedure during development, testing and delivery of the project? *
Is a Data Privacy Impact Assessment conducted when necessary? *
Part 2: Personal data
Personal data is defined in the GDPR as any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
From whom is the personal data processed? *
Why is personal data processed? *
Is there a clear and accessible processing information given to those individuals? *
Which reasons for processing of this personal data is appropriate in your organisation? *
This will need to be detailed afterwards in the light of the information shared above.
Which data is collected of those persons? *
What is the source of the data? *
Part 3: Data Protection Management
Is a data protection officer appointed in your organisation? *
Has your data protection officer another role as well? *
Is your data protection officer an internal or external resource? *
Has the data protection officer the sufficient power to operate? *
Can the data protection officer regularly report directly to management? *
Thank you for your cooperation!
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google.