The version of the browser you are using is no longer supported. Please upgrade to a
Survey on Data Protection Regime
This survey is part of a research being undertaken by the Centre for Internet and Society (CIS), India. Our aim is to understand how various organisations view the changes in the Data Protection Regime in the European Union. Your participation is voluntary and you may withdraw at any time. The information given will be used for the purpose of research only. Questions that personally identify you are not mandatory and will be kept strictly confidential.
Is the Senior Management at your organisation aware of the new General Data Protection Regulation (GDPR)?
Do you see your current privacy practices undergo a change to meet compliance with the new regime?
Is your organisation ready to conduct assessment on their readiness to comply with the new Regulation?
To what extent are you compliant with the current EU Data Protection Directive (DPD/95/46/EC)?
Under the current Data Protection Directive (DPD/95/46/EC) , how compliant are you with the requirement on notification and registration with Data Protection Authorities?
Are you aware that the new regime waives the current requirement on notification and registration mentioned in the previous question?
How do you see your organisation benefiting from the new changes on notification and registration?
With regard to appointment of Data Protection Officer, are you comfortable with the new regime or the old Directive?
Please share your opinion on what is the best reasonable change under GDPR?
Appointment of Data Protection Officer
Conduct Privacy Impact Assessment
Record keeping of processing acitivites
Direct lineage with Supervisory Authorities
Recommendation of Binding Corporate Rules and Privacy Seals
Other Compliance Demonstration activity
Does your organisation have Binding Corporate Rules (BCR)?
If your organisation does not have BCR, when do you plan to put them in place?
Yes in next 6 months
Yes in next 12 months
Yes in 2 years
Is your organisation equipped to meet the record-keeping requirement?
What new practices will you be employing for the above record keeping activity?
Standardized and updated Data Protection Impact Assessment
Standard Contractual Clauses
Data Protection by design and default
Do you see these practices (mentioned in previous question) benefiting or impacting your organisation?
Will increase costs
Will improve administrative efficiency in the long run
No significant benefit or impact
Are you aware of the new Right to Data Portability and the expanded Right to Erasure under the GDPR?
Do you feel the new Rights will have a significant operational impact on you?
Do you feel that the Regulator or Working Group needs to provide more guidance with regard to Right to Portability and Right to Erasure?
How do you view the Breach Reporting requirements mandated under the new regime?
What processes and controls do you see as essential changes within the organisation to meet compliance with the new Security Breach Notification?
Regular Privacy Impact Assessment
Breach Response and Notification Procedures
Insurance or Cyber Insurance
Have budgetary allocations been made for meeting compliance with GDPR?
If allocations have not been made then in how much time can it be expected to be done?
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google.
Terms of Service