Welcome to the Data Protection Self-Assessment Checklist!
You are encouraged to use the checklist below to establish the awareness and state of preparedness in relation to Data Protection Policy.
Ideally the response to every check point below would be positive. If the outcome at each check point is positive, then the processes at your organisation are in good shape from a data protection viewpoint. If you identify gaps against the check points below, you are encouraged to address them or request expert support.
Check POINT 1: Obtaining information in a fair manner
► Is the data gathering process open, transparent and direct?
► At the instance of collecting information about data subjects (individuals), is the use and purpose of that information collected clearly communicated?
► Are data subjects made aware of any personal information disclosed being relayed to third parties?
► Were data subjects consulted in cases where any personal data submitted was required for any secondary uses?
Check POINT 2: Clear SYSTEM requirements
► Is the purpose for which personal data is gathered clear?
► Is the information retained in systems clear in terms of purpose as per consent of data subject?
► If information about the data subjects is being processed, have you registered with the Data Protection Commissioner specifying a clear and comprehensive statement of the purpose?
► Has a responsible person been identified to ensure adequate maintenance of data in line with requirements?
Check POINT 3: Usage and disclosure of information
► Is there a clearly defined policy about the usage and disclosure of information?
► Has such policy been clearly communicated to all members of staff?
► Are the data subjects aware of all the uses and disclosures of their respective personal data?
► Have you considered revisiting user consent if the uses and disclosures might have changed over time?
► If your system is registered with the Data Protection Commissioner, does your registration include an accurate list of persons to whom personal data may need to be disclosed?
Check POINT 4: Security features
► Are there reliable security safeguards in place for each system holding sensitive information?
► Has a person responsible for the upkeep of security safeguards been identified?
► Are the security safeguards appropriate to the sensitivity of the personal data retained?
► Are your systems and databases adequately password-protected or encrypted to prevent unauthorised data access?
► Are your files and computer systems securely locked away from any unauthorised use?
Check POINT 5: Adequate & relevant information
► Is data collected from data subjects fair and adequate?
► Is all information collected relevant and not excessive with respect to the purpose specified to the data subject?
► If asked to justify the reason for processing or storing information about a data subject, would you be in a position to justify every item of information gathered?
► Is data protection an integral part of standing policies and procedures?
Check POINT 6: Accurate & updated information
► Is the data checked for accuracy following a regular schedule?
► Is the personal data properly categorised by time-sensitivity, so that data which becomes inaccurate as time goes by is identified and refreshed?
► Are standard processes in place to ensure all systems and databases are kept up-to-date?
Check POINT 7: Retention timeframes
► Is a clear policy on retention timeframes in place?
► Are the legal requirements in relation to data retention clear?
► Are systems regularly purged of data that is no longer needed?
► Is a policy in place for the deletion of personal data as soon as the purpose for which it was collected is no longer relevant?
Check POINT 8: Right of Access
► Has an individual responsible for handling access requests been identified?
► Are requests to access information clearly regulated through procedure?
► Do such procedures guarantee compliance with regulatory requirements?
Should you need advice or further details concerning the above Check Points, feel free to contact RSM Malta.