By completing this questionnaire, you’ll be able to determine a data protection compliance strategy for your specific organisation. Based on the information you provide, we’ll send you an email with next steps to take, or set up a call (or online meeting) with you to discuss your answers. We respect your privacy. Everything is privileged and confidential. For more, see our Privacy Policy.

Jump right in. It will take you about 10 minutes to complete. Maybe longer if you don’t have the information at your fingertips.

Compliance strategy questionnaire for data protection

To workshop, determine and record your compliance strategy for data protection.

  • What is your email address? We need this to link your answers to you.
  • Does your organisation have a clearly defined culture or set of values? Do they relate to privacy or data protection? Are they on the website?
  • How does your organisation deal with the three related topics of GRC (governance, risk and compliance)? Is there a description on its website?
  • Does your organisation apply the King code?
  • Has your organisation made disclosures under King IV?
  • What is your organisation's risk appetite, and how do you currently govern risk?
  • How does your organisation govern compliance?
  • Does your organisation have some form of compliance policy or charter for complying with all laws or its regulatory universe?
  • What is your organisation's general compliance strategy?
  • Does the same strategy apply for data protection?
  • Does your organisation currently have a data protection policy or some other document that records your strategy?
  • What data protection laws does your organisation have to comply with?
  • Are there any laws that your organisation should comply with but decided not to? For example, if only 1% of your data subjects are in the EU, have you decided not to comply with the GDPR?
  • What approach is your organisation taking?
  • What standards (if any) do you comply with, or are you required to comply with?
  • What codes do you consider to be binding? Do any associations of which your organisation is a member have a code of conduct?
  • How does your organisation plan to tackle the DPO (data protection officer) or IO (information officer) requirement? Are you going to have one or many? Will it be the same person? Do you need a DPO?
  • Are there any specific ways in which your organisation has decided to apply the data protection principles?
  • Do you want to have a private 30-minute online meeting to workshop your answers and this topic?