Is your organization prepared for a data breach?

How often do you perform Privacy Impact Analysis (PIA)?

Have you incorporated “Privacy-by-Design” in your IT systems?

Are your organization’s privacy notices and privacy policies up-to-date?

Do you know who and how to notify in case of a security breach?

Have you classified your data based on risk profile as critical, high, medium, low, and informational?

Has your organization identified and inventoried the data assets and processes used to transmit, process, and store Personal Identifiable Information (PII)?

Is your organization able to measure and demonstrate compliance with different data privacy regulations?

Does your organization have an access control matrix defined and updated for all data assets?

Do you have a data retention period defined and implemented as per legal and regulatory requirements?

Do you have a process to destroy or delete data as per the requirements and requests?

Does your organization take disciplinary action against violators of data privacy policy?

Does your organization have well-defined incident management procedures to handle a security incident?

How often do you organize training for your employees on best practices for safeguarding and protecting Personally Identifiable Information (PII)?

How often do you review and monitor applicable security controls for securing data?