Take Our Free Privacy Assessment

Do you capture, store or process customer and/or colleague personal data?* Yes / No

Is there a suite of internally published and communicated company policies, standards and guidelines that support and promote data privacy and cyber-security best practice? Are these regularly reviewed and updated, and is there evidence that these are well understood by your colleagues and staff?* Yes / No

Is the company familiar with the latest UK Government Data Protection Act and EU General Data Protection Regulation (GDPR), and does it have an appointed Data Privacy Officer (or equivalent) to review and monitor adherence to any Data Privacy/Protection Laws and Regulations?* Yes / No

Where personal data is captured, stored or processed by your on-premise or off-site systems, is access restricted and controlled so that only those personnel entitled to view, edit or delete have access?* Yes / No

Do redesigns or updates to legacy (old or existing) systems, or the selection and delivery of new systems, actively consider Data Privacy & Protection best practices/principles ahead of Go-Live?* Yes / No

Do Data Owners (Business or IT representatives) regularly review the types and volumes of personal data captured, stored and processed by the Company's processes and systems and seek to minimise the same, and is this evidenced, i.e. meeting minutes, etc.?* Yes / No

Does the Company have a published and regularly reviewed Data Retention Policy, Framework or similar, do all the Company's systems adhere to the same, and can this be evidenced?* Yes / No

Does a validated and proven Disaster Recovery (DR) process exist that robustly demonstrates that personal data captured, stored and processed by the Company is available, accurate and has strong integrity? Can this be demonstrated through Active to Active fail-over or online/off-line backup and restoration?* Yes / No

Are data transfers (internal & external) which contain customer or colleague personal data securely encrypted with strong levels of encryption, i.e. 256-bit or higher?* Yes / No

Does the Company regularly conduct internal and/or external Vulnerability Management to actively detect potential or actual system vulnerabilities? If any Critical and/or High vulnerabilities are discovered, are they swiftly remediated and retested?* Yes / No

Is data stored at rest, e.g. within data files, databases, etc., securely encrypted with strong levels of encryption? Does the Company actively apply security and application "patch" fixes on a regular, timely basis? Do all of the Company's IT assets have anti-virus installed (where possible) with timely access to the latest anti-virus and anti-malware updates?* Yes / No