GDPR Readiness Survey
Please answer these questions
Do you call your clients, suppliers or employees sometimes with your (mobile) phone?
What's a phone?
All the time
Never
Sometimes, yes
Do you sometimes send e-mails to your clients, suppliers or employees?
Sometimes
Often
Always, because it's easy
We don't use a computer
Are you collecting first and last names?
No
Yes
Do you collect e-mail addresses?
No
Yes
Do you collect physical addresses (like street, city and country)?
No
Sometimes
Yes
Do you collect health information?
Yes
No
Do you collect financial information?
No
Yes
Do you collect social information?
Yes
No
Do you process credit card payments?
No
Yes, but we use a 3rd-party payment gateway for that
Yes, we process them ourselves and we're PCI compliant
Do you process shipment information?
No
Yes
Do you process personal documents (passports, identity cards, loyalty programs)?
No
Yes
Yes, but only to validate someone's identity and we don't store it.
Have you been hacked before?
Yes
No
Do you know if you have been hacked?
Yes
No
Do you know if data has been stolen from you?
No
Yes
Do you know who to contact in case of a data breach?
Yes
No
Do you send out newsletters?
No
Yes
Have those people given their explicit consent to be sent your newsletter?
Yes, and we have recorded the date and time when they have done this
No
Yes, I think so
I'm not sure
Do you use cloud services like G Suite by Google?
Yes
No
Do you use cloud services like Dropbox?
No
Yes
Do you use cloud services like Office 365?
Yes
No
Do you use cloud services like SalesForce?
No
Yes
Do you use cloud services like GitHub?
Yes
No
If you have answered "yes" to any of the above services, have you shared screenshots or data dumps (spreadsheets, database dumps) on that service?
Yes
I don't know
No
Is your application secured and can you prove this with an external audit report?
Yes
What's an external audit report?
We use an application in the cloud (SaaS)
No
Do you log who has access to your data and when?
Yes, we have our Apache/IIS logs
I'm not sure
No, do I need to?
Yes, we implement audit logs everywhere
Do you prevent employees from accessing some or all of your personal data?
I think we do
No, everyone in the company has access
Yes, we use ACLs to protect access to (parts of) our application
Yes, only management and sales have access to the application
Is personal data stored on encrypted storage?
What's encrypted storage?
Yes
No, we're protected by a firewall
Do you share your data with 3rd-party suppliers?
Yes, we were recently acquired by another company
I'm not sure, what do you mean with 3rd-party suppliers?
Yes, we work with external consultants
No, we also stated this in our privacy policy
Can non-employees access your computers and your data?
No, we have gates that people have to go through, and visitors are always under the supervision of a staff member.
I'm not sure
No, our computers are always locked and protected by a password
Yes, everyone who's in our office has access to everything
Have you encrypted your backups?
Yes
What's a backup?
I'm not sure
No