Data Protection for Organisations
Online Self-Assessment Compliance tool
As part of the project entitled “GDPR awareness campaign and support to business organisations, in particular, SMEs — GDPRights”, the IDPC is glad to announce that another objective of the project has been finalised. Business stakeholders can now find a user-friendly “Online Self-Assessment Compliance tool” to measure compliance of their processing operations with the General Data Protection Regulation (GDPR).
In the course of developing this tool, IDPC involved small and medium-sized enterprises (SMEs) representatives namely, the Malta Chamber of SMEs, the Malta Employers Association and the Gozo Business Chamber to gain an insight of difficulties being faced by SMEs when implementing data protection requirements. They also participated in the testing of the tool, together with a number of SMEs.
This compliance tool is designed to assist various business stakeholders that are not familiarised with data protection. The IDPC is committed to increase the level of data protection awareness among the Maltese business community, and therefore the tool is an important objective of the project as it helps SMEs to not only assessing the risks of non-compliance, but also to mitigate risks identified with appropriate recommendations.
The user is invited to take an online self-assessment and to answer questions that cover the most important provisions under the GDPR. At the end of the Questionnaire, the tool generates a report based on the answers provided for the purpose of identifying levels of risk (high medium and low), measuring compliance gaps, and providing useful feedback and recommendations. In addition to the report, users can find a valuable documents library including templates of policies to be adapted and implemented within their own organisations.
You are invited to use the “Online Self-Assessment Compliance tool” available at https://idpc-compliance-tool.org.mt/
You may also access the Data Protection Guide for small business which has been developed by the EDPB and designed to provide practical information to SMEs about GDPR compliance in an accessible and easily understandable language.
The self-assessment risk levels, recommendations and the templates generated by this online tool are solely based on the answers provided by the user and do not constitute or replace any legal advice for compliance with the GDPR. The recommendations are only meant to give generic guidance and shall not be construed as being official advice provided by the IDPC.
The implementation of the recommendations and the identification of the level of risk identified by the tool shall be without prejudice to the Commissioner’s powers to investigate any violation of the GDPR, and to take necessary action according to law.
This project is co-financed by the European Rights, Equality and Citizenship Fund 2014 to 2020.