Do the data, privacy, and information security check
Do the 6-step check and find out whether you handle personal and other data with care.
What type of data do you collect?
Are you collecting enough data for the defined purpose? Do you collect too much or unnecessary data for the purpose? Can you find ways to minimize data collection?
Why do you collect personal information?
What purpose does it serve? Have you explained the purpose to your target group? Do they fully understand what happens to their personal data when you process it?
Do you regularly check the data for accuracy?
Do you have a working procedure to update the personal data, if relevant?
How do you store the data?
Do you have appropriate technical measures in place to keep the data safe? Do the right people in your organization have access to the data? Do you have a good backup of the stored data? And if the data is in the cloud, where is this cloud located?
How long do you keep the data?
Have you taken measures so that you do not keep the personal data longer than strictly necessary? Do you have a policy in place?
Can you meet your respondents’ rights?
Can you meet your respondents’ rights with respect to access to data, data portability, and the right of erasure? Are your data storage systems set up to give the access needed to meet these individual rights? And can you do so within the given deadline?