Privacy Maturity Self Assessment

Step 1 of 7

  • Awareness

    How aware is the organisation regarding Data Protection regulation?
  • Internal Staff are regularly trained on Data Protection regulation.
  • Onboarding procedures include Data Protection awareness and policy education.
  • All staff sign acceptance for policies that are released or changed.
  • All policy changes are communicated to staff.
  • We are aware of the laws in all jurisdictions in which we operate (where we either have offices or clients).
  • Privacy Policies and Cookie Notices are clearly visible and updated on our website.

This scorecard aims to give an indication of your organisation’s readiness and maturity levels when it comes to Data Protection. Many of these questions cover both POPIA and GDPR, and refer to Personal Information. Personal Information can be identified at a high level by using the flowchart below:

This flowchart raises a question about GDPR, as having a person based in the EU is not the only indicator that GDPR applies to you. The flowchart below will help you decide whether GDPR does indeed apply to your company.

Within this scorecard, six statements in six categories will be addressed. This scorecard is rated as follows:

  • A score of 0 if the company is not aware of the requirement at all.
  • A score of 1 if the company is aware of the requirement but hasn’t put plans in place to address it.
  • A score of 2 if plans are in place to meet the requirement but have not been started yet.
  • A score of 3 if plans to meet the requirement have started and are mid-execution.
  • A score of 4 if initial plans have been completed and the company partially meets the requirement.
  • A score of 5 if the company meets the requirement of the statement.