Are you looking for a legal assessment, like a risk assessment, an impact assessment, a requirements assessment or a readiness assessment? The purpose of an assessment is for us to assess, evaluate or judge your organisation. We have years of experience doing various assessments on specific focus areas. We can also do a gap analysis or a compliance audit, but those are something different.

The benefits of an assessment

An assessment should:

  • set out where you currently stand,
  • give you insight into your organisation,
  • help identify and define the current reality, whatever that might be,
  • direct your improvement efforts or next steps, and
  • provide a measuring stick towards where you want to be.

Where are we?

Assessments that we offer

We have experience doing various different assessments (both face-to-face and online) regards various specific topics. Below is a list of some of the assessments we offer.

Data protection assessments

  • Organisational impact assessment to assess the high-level impact of applicable data protection laws on your organisation and evaluate the best way forward.
  • Privacy impact assessment to assess the impact of your activities (or products or services) on the privacy or personal information of data subjects. Some people refer to this as a privacy risk assessment.
  • Vendor or third-party risk assessment to assess the risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).
  • Data protection responsibility assessment to determine whether or not you are responsible for protecting personal data that is being processed.
  • Consents, Disclosures, and Signatures Assessment to assess whether you are using electronic consents, disclosures, and signatures correctly to reach agreement with your customers, suppliers, or employees electronically.
  • Data Protection Readiness Assessment to assess how ready you are for the commencement of a law or to start your compliance programme.
  • Microsoft SSPA Independent Assessment to independently assess whether your organisation (which is a supplier to Microsoft and processes personal data for it) complies with the Microsoft Supplier Data Protection Requirements (DPR).
  • Processor assessment to independently assess whether a processor for a controller complies with the contract between them.
  • Country adequacy assessment to independently assess whether a country has adequate data protection in place so that, together with the standard contractual clauses (SCC), a data exporter can transfer personal data to a data importer in another country.
  • Legitimate interest assessment (LIA) to assess and demonstrate that you can process personal data based on your legitimate interests.
  • Prior authorisation assessment (PAA) to assess and demonstrate that you do or don’t need to get prior authorisation.
  • Transfer impact assessment (TIA) to assess whether a transfer to another country is lawful because the controller adequately protects the personal data it is transferring by putting sufficient measures in place.

There are various data protection self-assessments that you can do on the ICO website.

Other types of assessments

An assessment focuses on where your organisation is at a point in time.