Thursday, 26 October 2017

GDPR - ARE YOU READY? - Self-test - Kaspersky

A GDPR readiness self-test.
You can find the test on the "kaspersky.co.uk" portal at https://www.kaspersky.co.uk/gdpr or directly at https://www.gdprkaspersky.com/en/get-started
The test is supposed to take 10 minutes (I think that is a rather optimistic estimate).
Quoting from the introduction:
"The best way to figure out what steps are needed is to understand how your business is currently placed. That's why Kaspersky Lab has created a free and simple to use assessment tool, focusing on the practical steps your teams will need to set in place prior to the May 25, 2018 deadline. What's more, to provide better insight on how you are placed against peer companies, we've built in a handy benchmarking feature. It should take you no longer than 10 minutes to complete, but by the end, you'll have a clear idea of where and on what you need to invest your time into."
"While in most cases, the GDPR will mean a lot of work for legal, information security and IT teams, much of the responsibility for continued compliance will fall to other departments and the individuals within them."
Quoting selected parts of the test text:
"Answer the simple questions in under 10 minutes to get your Readiness Assessment."
- Track Your Progress - See how others have answered the questions as you progress through to the summary.
- Hints & Tips - Along the way we will offer advice and guidance regards GDPR compliance
- Readiness Assessment - Once you’ve answered the questions we will give you a personalised summary to download.
Introductory questions for setting up the test:
- Does your organisation store, process or transmit personal data, such as customer data, supplier records or staff records?
- What size is your organisation?
- What is your level of knowledge about your organisation's existing IT security? (1 being minimum and 5 being maximum)
- What best describes your role?
Answer options offered:
a) Operations / Management / Executive
b) IT Administration
c) Research and Development
d) Information Security
e) Other
An overview of the 18 questions follows:
1) Are you aware of the new General Data Protection Regulations (GDPR) that will take effect on May 25th 2018?
There are 4 answer options to choose from:
- Yes, and I have good knowledge
- Yes, and I am aware of some of the details
- No, but I have heard of the term GDPR
- No, I have no awareness of it
2) Please indicate your level of confidence that your organisation is taking appropriate steps to achieve compliance of the GDPR by the May 25th deadline next year.
3) Please indicate your level of confidence that your organisation will be fully compliant with GDPR by the May 25th deadline next year.
4) Please indicate your level of confidence that all staff responsible for handling personal data within your organisation are aware that the existing laws relating to data protection are changing.
5) Please indicate your level of confidence that all staff responsible for handling personal data in your organisation are aware of the effect that the changes to existing data protection laws will have on your organisation.
6) Please indicate whether the person with overall responsibility for the following departments is aware of the GDPR, and understands his or her responsibilities regarding the changes to the storage and processing of personal information.
7) My marketing and communications teams have reviewed existing privacy notices and policies to ensure that they will meet their new obligations around personal data collection (such as double opt-in)?
8) My marketing and communications teams are aware that they must now obtain consent to process personal information of children under the age of 13?
9) My marketing and communications teams have implemented new practices to verify the age of individuals or obtain parental / guardian consent when processing the personal data of children?
10) Could your organisation currently identify where all personal information (such as staff records, customer data and supplier records) is stored?
11) Could your organisation successfully demonstrate how, and from where, the personal data held by your organisation was sourced?
12) Could your organisation currently provide details of all the people and organisations it has shared personal data with, if requested to do so?
13) Which of the following data practices does your organisation currently follow?
14) Do you think those responsible for IT security in your organisation could report potential data breaches to relevant authorities and affected persons within 72 hours of detection?
15) Could your organisation demonstrate to the relevant authorities that you have adequate procedures in place to detect, investigate and report on personal data breaches?
16) Are you familiar with the concept of 'Privacy by Design'?
17) Question 17
18) Are you aware that Data Protection Impact Assessments should be carried out in high risk situations?
Your Personalised GDPR Summary
"Below is a permanent link to your personalised GDPR Assessment summary so you refer back to it and also share the results with colleagues.
https://gdprkaspersky.com/en/results/XXXX (test number, assigned by the system)".