Complying with the GDPR requires an organisation "to implement appropriate and effective organisational and technical measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary" [GDPR, Art. 24(1)].
GDPR CSA is designed to support small and medium-sized enterprises in their effort to be accountable. To do so, the tool helps them identify the GDPR requirements and specify which organisational and technical measures have been implemented to meet them.
GDPR CSA's assessment results can be used to:
GDPR Compliance Self-Assessment (GDPR CSA) is based on a Process Assessment Model (PAM), which translates GDPR requirements into operational requirements expressed as process components, as defined by the ISO/IEC 33004 standard. The GDPR processes are organised into two groups according to their scope: the first group contains processes related to a personal data processing activity, while the second is made up of processes that take place at the organisational level.
Processes related to processing activity
Processes related to the organisation itself
Disclaimer
The GDPR CSA is a self-assessment tool. Collective members of the SENTINEL project do not offer any guarantee as to the compliance of a company and processing activity assessed by using GDPR CSA. Under no circumstances are collective members of the SENTINEL project liable for any direct, indirect, incidental, special or consequential damages or lost profits that result directly or indirectly from the use of or reliance on GDPR CSA.