What is a “Data Protection self assessment”?
If you are a Data Controller or a Data Processor (or even both), then you should carry out an appropriate Data Protection self assessment.
This will help ensure that you attain and maintain compliance with the data protection laws.
What does it involve?
If you are a Data Controller, you will assess how you respond to the right of individuals, record consent, deal with subject access requests, have a process in place for reporting any personal data breaches. You may also need to carry out a Data Protection Impact Assessment (DPIA).
If you are a Data Processor, you will assess how you store and process personal data, how you deal with the rights of individuals, and that you have a process in place for reporting any personal data breaches.
If you are a Data Controller who also processes data, then you will need to do both assessments. It is advisable for you to do them separately, first, as though you were just a controller and then as though you were just a processor. That will ensure clarity.
You will need to assess your security processes (policies and risk management) and that you have adequate systems in place to ensure that the risk of a data breach is kept to a minimum.
There are also additional considerations, and they, together with the controller and processor self assessments can be assisted by using the ICO’s checklists.
These will take a little time to complete, as they are quite detailed, so you may wish to go through them first, to discover what you need to do, gather the relevant information and then continue.
If you need any advice on anything GDPR related, feel free to get in touch!
The ICO checklists can be found here: http://bit.ly/2Np8JsI