¶ The GDPR Compliance self-assessment (GDPR CSA)
The GDPR CSA is a self-assessment tool in SENTINEL which helps you to determine whether organisational and technical measures implemented to meet data protection requirements are complete, appropriate, effective and demonstrable.
¶ Context
For each processing activity saved in SENTINEL, you may apply the GDPR CSA to assess to what extent the technical and orgnisational data protection measures implemented in your organisation are appropriate and effective. For that, on the basis of the information provided in the Processing Activity (GDPR Compliance), SENTINEL will determine and assign a “compliance rating” to the four areas below, pertaining to this Processing Activity:
- Record Management (RECORD);
- Personal Data Lifecycle Management (PDLM);
- Management of individuals rights (RIGHTS); and
- Management of individuals consent (CONSENT).
The results may be interpreted as following:
not compliant: The measures implemented do not meet GDPR requirements
partially compliant: The measures implemented meet GDPR requirements, but not all of them are appropriate given the processing activity's risk level
largerly compliant: The measures implemented meet expected requirement and they are appropriates regarding PA's risk level, but there is a lack of evidence proving their effectiveness and demonstrability;
compliant: The measures implemented are complete, appropriate, and there are strong evidences proving their effectiveness and demonstrability;
- See also:
GDPR compliance
Record management
Personal data lifecycle management
Rights management
Consent management
¶ Procedure for the PA-specific GDPRCSA:
- Click "Data Protection"/"Processing Activities" tab in the Main Menu
- From the Processing Activity screen, click on the “GDPRC” button or
- Confirm your choice by clicking on the “Ok” button
- Consult the results by clicking on the “Show results” button
- At any time, you can consult results of previous assessments by selecting a specific PA and clicking on the “View” button. You can also request a new assessment by clicking on the “New GDPRC assessment” link below the results displayed.
¶ Prerequisites
- For, the PA-specific GDPRCSA, covering RECORD, PDLM, RIGHTS and CONSENT, you are required to have provided the necessary information in the relevant step when creating or editing the PA (tab: GDPR Compliance).
- For, the global (organisation-wide) GDPRCSA, covering DPMAN and BREACH, you are required to have provided the necessary information in the relevant step when creating or editing you organisation profile (tab: GDPR Compliance).
Previous topic:ROPA
Next topic:DPIA-assessment