Created
May 4, 2020 23:33
-
-
Save opexxx/6f9563170d2b60d41f0232e425a54068 to your computer and use it in GitHub Desktop.
General Data Protection Regulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"1.1": "1.2", | |
"I. Structure and responsibility in the company": "I. Structure and responsibility in the company", | |
"Is there an awareness in the company that data protection is management responsibility ": "Does your company have a data protection officer?", | |
"": "" | |
}, | |
{ | |
"1.1": "2.1", | |
"I. Structure and responsibility in the company": "II. Overview of processing activities", | |
"Is there an awareness in the company that data protection is management responsibility ": "Do you have records of your processing activities according to Art. 30 GDPR?", | |
"": "" | |
}, | |
{ | |
"1.1": "2.1b", | |
"I. Structure and responsibility in the company": "II. Overview of processing activities", | |
"Is there an awareness in the company that data protection is management responsibility ": "How did you ensure that data protection issues are taken into account within your company upon commencement\nor modification of each processing activity (Privacy by Design – Art. 25 GDPR)?", | |
"": "" | |
}, | |
{ | |
"1.1": "3.1", | |
"I. Structure and responsibility in the company": "III. Involvement of third parties", | |
"Is there an awareness in the company that data protection is management responsibility ": "Do you engage third parties for the execution of your activities (processors)?", | |
"": "" | |
}, | |
{ | |
"1.1": "4.1", | |
"I. Structure and responsibility in the company": "IV. Transparency, information duties and assurance of data subject rights", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you adapted your texts providing information regarding data protection for data subjects in the course of data collection to the requirements of Art. 13 and 14 GDPR?", | |
"": "" | |
}, | |
{ | |
"1.1": "4.2", | |
"I. Structure and responsibility in the company": "IV. Transparency, information duties and assurance of data subject rights", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you recently include information provided it had not been included before:", | |
"": "" | |
}, | |
{ | |
"1.1": "5.1", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Is there information about each processing activity which serves to prove the lawfulness of processing, e.g. concerning purposes, categories of personal data, recipients and/or deletion periods (Art. 5 para. 2 GDPR)?", | |
"": "" | |
}, | |
{ | |
"1.1": "5.1a", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you assessed if the consents on which your processing is based still complies with the requirements of Art. 7 and/or Art. 8 GDPR??", | |
"": "" | |
}, | |
{ | |
"1.1": "5.2", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you installed a data protection management system in order to ensure and be able to prove that your\nprocessing is in compliance with the GDPR (Art. 24 para.1 GDPR)?", | |
"": "" | |
}, | |
{ | |
"1.1": "5.3", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you adapted your existing security review processes to the new requirements of Art. 32 GDPR?", | |
"": "" | |
}, | |
{ | |
"1.1": "5.4", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you prepared for the possible necessity to conduct a data protection impact assessment?", | |
"": "" | |
}, | |
{ | |
"1.1": "5.4a", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you established an appropriate method in your enterprise for determining if a data protection impact assessment has to be conducted?", | |
"": "" | |
}, | |
{ | |
"1.1": "5.4b", | |
"I. Structure and responsibility in the company": "V. Accountability, risk management", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you established an appropriate risk method in your enterprise for the conduct of a data protection impact assessment? Have you chosen a process for the data protection impact assessment; have you already tested it?", | |
"": "" | |
}, | |
{ | |
"1.1": "6.1", | |
"I. Structure and responsibility in the company": "VI. Data breaches", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you ensured that the notification of a personal data breach to the supervisory authority can be performed within 72 hours according to Art. 33 GDPR?", | |
"": "" | |
}, | |
{ | |
"1.1": "6.1a", | |
"I. Structure and responsibility in the company": "VI. Data breaches", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you ensured in particular that data breaches in your enterprise can be identified? Have you establishedan appropriate method in your enterprise to determine a risk or a high risk?", | |
"": "" | |
}, | |
{ | |
"1.1": "6.1b", | |
"I. Structure and responsibility in the company": "VI. Data breaches", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you established a process on how to handle potential breaches internally?", | |
"": "" | |
}, | |
{ | |
"1.1": "6.1c", | |
"I. Structure and responsibility in the company": "VI. Data breaches", | |
"Is there an awareness in the company that data protection is management responsibility ": "Have you determined who communicates when and how with the supervisory authority?", | |
"": "" | |
} | |
] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment