Are you looking for a legal assessment, like a risk assessment, an impact assessment, a requirements assessment or a readiness assessment? The purpose of an assessment is for us to assess, evaluate or judge your organisation. We have years of experience doing various assessments on specific focus areas. We can also conduct a gap analysis or a compliance audit, but those are different types of services.

The benefits of an assessment

An assessment should:

  • set out where you currently stand,
  • give you insight into your organisation,
  • help identify and define the current reality, whatever that might be,
  • direct your improvement efforts or next steps, and
  • provide a measuring stick towards where you want to be.

Where are we?

Assessments that we offer

We have experience doing assessments (both face-to-face and online) on a range of specific topics. Below is a list of some of the assessments we offer.

Data protection assessments

  • Organisational impact assessment to assess the high-level impact of applicable data protection laws on your organisation and evaluate the best way forward.
  • Privacy impact assessment (PIA) to assess the impact of your activities (or products or services) on the privacy or personal information of data subjects. Some people refer to this as a privacy risk assessment. In South Africa, it is referred to as a Personal Information Impact Assessment (PIIA), while in the EU it is known as a Data Protection Impact Assessment (DPIA). They are all the same thing.
  • Vendor or third-party risk assessment to assess the risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).
  • Data protection responsibility assessment to determine whether or not you are responsible for protecting personal data that is being processed.
  • Consents, disclosures, and signatures assessment to assess whether you are using electronic consents, disclosures, and signatures correctly to reach agreement with your customers, suppliers, or employees electronically.
  • Data protection readiness assessment to assess how ready you are for the commencement of a law or to start your compliance programme.
  • Microsoft SSPA Independent Assessment to independently assess whether your organisation (which is a supplier to Microsoft and processes personal data for it) complies with the Microsoft Supplier Data Protection Requirements (DPR).
  • Processor assessment to independently assess whether a processor for a controller complies with the contract between them.
  • Country adequacy assessment to independently assess whether a country has adequate data protection in place so that, together with the standard contractual clauses (SCC), a data exporter can transfer personal data to a data importer in another country.
  • Legitimate interest assessment (LIA) to assess and demonstrate that you can process personal data based on your legitimate interests. We conduct LIAs for organisations, and we can empower you to conduct LIAs through the relevant module in our programme.
  • Prior authorisation assessment (PAA) to assess and demonstrate whether you do or don’t need to get prior authorisation.
  • Transfer impact assessment (TIA) to assess whether a transfer to another country is lawful because the controller adequately protects the personal data it is transferring by putting sufficient measures in place.

There are various data protection self-assessments that you can do on the ICO website and the Information Regulator’s eServices portal.

Other types of assessments

An assessment focuses on where your organisation is at a point in time.