Data Protection Executive Assessment

Identifying how compliant your organisation is with the General Data Protection Regulation (GDPR)

What is the Data Protection Executive Assessment (DPEA)?

The DPEA reviews the data management practices already in place within your organisation and is based upon the 7 Data Management Principles in the GDPR legislation. The DPEA helps organisations detect any shortfalls in their data management practices. A key output is the identification and classification of detected risks or gaps, with subsequent recommendations to address or mitigate each of them.

The recommendations presented by Sytorus will be practical and commercially viable, implementable in a timely manner with minimal disruption to the organisation’s day-to-day business operations.


Why you need it and why it’s important

Do you know how compliant your organisation is with this new legislation and the 7 Data Management Principles?

Can you demonstrate compliance in each of them, all of which carry equal weighting and importance?

Are you still struggling with where to start on your GDPR compliance activities?

Have you identified all data management practices in your organisation and do you understand the level of risk associated with the processing of personal data that you are acquiring from data subjects?

Do you know what to do in the event of a data breach or a request from a data subject who wants to understand what you are doing with their personal data?

Can you present to your current and prospective clients how you are managing your compliance and, in turn, their compliance?

Major Benefits

A DPEA will deliver real benefits and a real return on your investment (ROI). The ROI can be realised through:

  • Demonstrable compliance internally & externally
  • Brand protection
  • Removal of possible reputational damage
  • Enhanced customer satisfaction & engagement
  • Higher customer retention levels

Assessment Approach

The Sytorus DPEA will assess compliance with reference to the 7 Data Management Principles of GDPR.

1. Fair, Transparent & Lawful Processing
Are you acquiring personal data in a fair and transparent way and do you have a legal basis to have it in the first place?

2. Purpose Limitation
Do you only use the personal data for the purpose that you specified to the data subject?

3. Minimisation of Processing
Are you collecting too much personal data from data subjects?

4. Data Accuracy & Quality
How accurate and up-to-date is the personal data that you hold on data subjects?

5. Retention/Storage Limitation
Are you keeping personal data for too long?

6. Security & Confidentiality
What physical and IT security measures do you have in place?

7. Accountability & Liability
Can you demonstrate proactive compliance in all data management principles?



Engagement

The Sytorus team will work with you to identify the most suitable interview candidates for the assessment, selecting a cross section of your organisation so that your risk profile is fully identified through our interview-based approach.