Since May 25th, 2018 the General Data Protection Regulation (GDPR) has required organisations to take measures regarding the processing of personal data. The rules and requirements of the GDPR aim to ensure that personal data are processed properly. In doing so, the GDPR helps prevent privacy infringements and other risks arising from the processing of personal data.
That is why the GDPR project within your organisation is in an advanced or finalised stage, and why you now want to demonstrate to various stakeholders that your organisation upholds correct privacy standards.
However, does your organisation really satisfy all the requirements of the GDPR? What is the status of the privacy measures within your organisation compared to the competition? Where within the organisation is room for improvement?
Privacy Compliance & Maturity Audit
To answer these questions, Considerati offers the Privacy Compliance & Maturity Audit. This service assesses in depth all current privacy measures within your organisation and how they compare to the Considerati Privacy Standards.
The Considerati Privacy Standards are developed by our experts and cover all the requirements of the GDPR. Each requirement is assigned a maturity level on a scale from 1 to 5. The higher the level, the better your organisation is at consistently complying with the GDPR requirements.
According to our model, the minimum maturity level is level 3. At this level, you are compliant with the requirements of the GDPR, and your organisation is allowed to publicly use the Considerati Audit Certificate. With this statement, your organisation is verifiably compliant with the GDPR requirements, which boosts confidence among customers, clients and suppliers.
If the result of the audit shows that one or more measures do not satisfy the minimum requirement, your organisation will receive a report with a clear improvement plan to further the professionalization of your GDPR-compliance.
What to expect from the Audit?
The audit consists of four components:
- Evaluation by Considerati: Your current privacy measures will be mapped and their maturity level evaluated against the Considerati Privacy Standards. We do this using a self-evaluation or by conducting interviews with people within your organisation. In this phase we test your procedures and protocols and evaluate the legitimacy of your processes. The evaluation results in a benchmark score, which gives you insight into how the GDPR compliance of your organisation performs. This score is based on (inter)national standards (ISO, BSI, NOREA, CIP) and 10 years of experience with privacy affairs.
- Audit report: You will receive the audit report with an overview of all the findings and the rationale behind these. Additionally, you will receive a statement from us with regards to the achieved maturity level.
- Considerati Audit Certificate: With a score of level 3 or higher, you will receive the Considerati Audit Certificate. This certificate is valid for one year.
- Improvement Plan: With a score lower than level 3, we will discuss with you what level the organisation aims to achieve (e.g. level 4). Based on this discussion, we will draft an Improvement Plan for you. This plan will describe which actions need to be taken in order to achieve the desired maturity level.
If you require it, we can expand the Audit with one or more additional components:
- Long-term audit plan: We can draft a tailor-made long-term audit plan for your organisation. With this plan, you are assured that current and follow-up measures will be evaluated, which stimulates the organisation's growth towards a higher maturity level. This way your organisation not only ensures that it is GDPR-compliant now, but that it will continue to be so.
- Privacy Stress Test: Besides the default audit procedure that Considerati performs, it is also possible to conduct a Privacy Stress Test. With the results of this simulation, your organisation will know how such an investigation is carried out and whether it is ready for one.
- Mystery Guest: Another additional component, besides interviewing people from within your organisation, is the use of a mystery guest. This mystery guest is a Consultant from Considerati. By visiting your organisation, this Consultant observes and evaluates whether your organisation works “safely”. Examples of observations are: whether computer screens are locked, whether office space and cabinets are physically locked, whether documents are stored securely, etc.
Does your organisation want a self-evaluation?
Does your organisation require a self-evaluation? We can offer you our Privacy Compliance & Maturity Scan. Note that by conducting this self-evaluation, you will not receive the Considerati Audit Certificate.