Data protection analysis: Privacy Status Evaluation

Check data processing

The smart tool is particularly helpful with regard to verifying and reviewing internal processes from external vendors. Using various questionnaires, PSE checks compliance with GDPR requirements.

Audit of external vendors

PSE allows clients to audit external vendors to ensure compliance with data protection regulations. PSE determines the extent to which a company is adequately prepared to meet GDPR requirements and can certify the company’s readiness if needed.

In addition, clients can use PSE to pre-check potential contractors and to review existing service providers in order to reduce their company’s liability.

Data protection conformity

Furthermore, clients use PSE to check their company’s overall data protection status. Such an evaluation identifies and documents any measures a company should undertake in the future. These documents provide the basis for specific recommendations to allow the company to comply with data protection regulations.

PSE is used by companies that want to implement or supplement existing data protection measures. It is also used by companies that have already implemented various measures and would like to see a status report, since PSE helps identify any outstanding measures. Finally, users of our Privacy Kit or Compliance Kit 2.0 can take advantage of an additional feature: PSE can also create status reports for these management systems.

How does the “Privacy Status Evaluation” work?

Clients log into a specially developed program to fill out a web-based questionnaire. At present, the questionnaire includes 150 questions that take up to 5 hours to answer. IITR Cert GmbH is in charge of processing the results. PSE utilizes the latest analysis techniques to verify the accuracy of the responses and the extent to which they are binding.

Standardized questionnaires

The questionnaires can be customized to meet company-specific requirements. Currently the following questionnaires are being used, pursuant to the criteria found at www.iitr-cert.com:

• Data protection status check for medium and large companies pursuant to CPS 100
• Data protection status review for small companies pursuant to CPS 600
• Third-party-provider review within the context of outsourced processing pursuant to CPS 300

Details on the review procedure

The review procedure is as follows:

• Client requests a specific questionnaire (CPS 100, CPS 300, CPS 600, etc.)
• Account is being set up within the PSE platform
• The contact person fills out the web-based self-assessment
• The completed questionnaire is transmitted to IITR Cert GmbH and submitted for evaluation
• The evaluation compares current status to required status
• Client receives an audit report

Core functionality is also suitable for other areas

Based on the selected CPS standard, the kit provides the necessary tools to analyze a company’s data protection status. The core functionality is such that it can also be used in other areas.

If you are interested in using these tools and undertaking a Privacy Status Evaluation, please contact us at https://www.iitr-cert.com/.