Cybersigma Consulting Services
General Data Protection Regulation (GDPR) Form
Personal Information
Name: *
Email: *
Contact No.: *
Company Name: *
Controller
Are you a data controller or a processor?
Controller
Processor
Do you determine the purposes and means of the processing of personal data, or process personal data on behalf of another party?
Do you perform all the processing activities yourself or use third-party processing services, such as renting servers?
Yourself
Third Party
Who can access the personal data within your company?
Are there different levels of access for different positions?
Yes
No
Do you have a logging system that records who enters, modifies, erases or accesses the personal data you process, and when?
Yes
No
Who do you get the data from—a data subject or from a third party?
Do you collect the personal data of children?
Yes
No
How do you collect data—by e-mail, electronic forms, activity tracking, etc.?
What categories of data do you collect?
Do you collect sensitive data—such as health records, data on racial or ethnic origin, religious or philosophical beliefs, etc.?
Yes
No
Is all the data you collect really necessary for the purpose of its processing?
Yes
No
How is the collected data used—what is the purpose of data processing?
What is the legal basis for your processing of data?
If you collect consents for data processing—is withdrawing consent as easy as giving it?
Yes
No
If you process the same data, with consent as legal basis, for multiple purposes—do you collect separate consent for each purpose?
Yes
No
How long will the data be stored for?
What criteria are used to determine that period?
Will data be erased manually or automatically?
Yes
No
Do you have policies in place that ensure that personal data are rectified or erased in case they are inaccurate, and erased as soon as they are not relevant for the purposes for which they are processed?
Yes
No
Do you collect data for statistical purposes in personal or anonymized form?
Yes
No
Do you inform the data subject about your identity, contact details, and data subject rights?
Yes
No
When and how?
Will data be shared with any third parties, including within your capital group?
Yes
No
When, how, on what legal basis?
Do you transfer data to countries outside the EU?
Yes
No
How can a user request access to their data, including receiving a copy of their personal data undergoing processing?
Will this process be conducted manually or automatically?
Manually
Automatically
In what format will the copy be provided?
How will the right to data portability be handled?
In what format will the data be provided to the data subject or to another controller at the data subject’s request?
How can a user request rectification of their data and how is that request handled?
Have you verified how exercising the right to restrict and right to object will affect your processes, and whether you are able to comply with obligations they entail?
Yes
No
Does processing of personal data include making decisions based solely on automated processing, including profiling, which produces legal effects or effects affecting data subjects in a similarly significant manner?
Do you have a system in place that enables you to detect data protection breaches and a procedure on how to react in case of a breach?
Yes
No
Do you have a data protection officer in your company or know whether you need one?
Yes
No
Have you verified whether there are processes in your company that require conducting a data protection impact assessment?
Yes
No
Have you verified the scope of the obligatory documentation you need to prepare and whether your staff is trained for the GDPR challenges?
Yes
No