The GDPR Accountability Principle mandates that organisations must be able to clearly demonstrate compliance with the law. Simply being compliant is not enough.
You must be able to identify, and be answerable for, the measures that have been put in place to minimise risk - even when data has moved out of your organisation and the processing is being carried out by a third party.
This goes beyond having the appropriate assurances and contract terms in place.
At DQM GRC, we can assess both the compliance of your organisation and that of its third-party suppliers and data processors. We can also conduct due diligence assessments on the organisations you’re considering acquiring or merging with in the future.
This can help ensure your business has taken evident steps to demonstrate compliance and reduce risk.
Our range of assessments includes:
Our unique assessment is based on the ICO’s audit framework and can provide your organisation with a detailed report on its data protection maturity whilst identifying any high-risk areas. The process includes:
We will work with you to establish a prioritised list of vendors and create an assessment roadmap. A typical plan involves inspectional visits to critical and high-risk vendors, and an evaluation of questionnaire responses for non-critical vendors.
We will work alongside your organisation and its professional advisers to assess the data protection risk-level inherent in a merger or acquisition. This assessment will typically include:
Our proprietary assessment builds on the work done by the Capability Maturity Model Industry, and can provide your organisation with an assessment of its data maturity in respect of:
We can create an assessment plan tailored to your organisation’s exact requirements. This can include incorporating criteria that are specific to your organisation’s regulatory and contractual environment, or targeting certain data protection risk areas in more detail.
Our approach to assessments
We believe that assessments should be clear, fair and actionable. As external and neutral auditors, we give participants the ability to be open and honest with our team of experts – producing the most effective insights for your organisation.
Our concise reports are designed to swiftly highlight priority areas and produce an overview of your organisation’s data protection maturity status. Where relevant, we can help create an immediate action plan to address any issues we identify.
Discuss your needs today