Self-assessment of data protection in the age of GDPR

Wednesday 7 November 2018


The Information Commissioner’s Office (ICO) has developed a toolkit for small and medium-sized enterprises operating in the private, public and third sectors. This toolkit allows them to assess the data protection measures they have in place.

Importance of data protection

It has become more important than ever for a business to safeguard its data. It helps to boost a business’ reputation, makes customers more confident about buying products or services from the company and also works to save the company time and money.

With the introduction of the General Data Protection Regulation (GDPR), businesses have a lot to lose financially if they don’t comply with the latest data protection regulation. The GDPR penalty is severe: organisations can be fined up to 4% of their worldwide annual turnover or €20 million, whichever amount is greater.

Self-assessing data protection measures

The ICO has created checklists to help organisations evaluate their compliance with the data protection law. Organisations will also be able to identify the measures they need to take to keep their customers’ data secure.

The checklists are available online. Once a company completes a self-assessment checklist, it receives a short report containing recommendations and guidelines to further improve its data protection. The report also contains links to sites that provide additional guidance on improving data protection compliance.

Checklists to evaluate data protection

Companies should know whether they process and store customer data as a controller or as a processor. In some cases a company acts as both a processor and a controller; such companies should complete both checklists.

Here are the checklists that the ICO has designed for organisations to evaluate their data protection compliance:

Controller’s Checklist: This checklist assesses a firm as a controller. It covers areas such as the rights of individuals, consent, requests to handle personal data and data breaches. It also covers data protection impact assessments under the GDPR.

Processor’s Checklist: This checklist is designed to help organisations that process data on behalf of others. It checks for compliance and covers the requirements that processors need to fulfil, individuals’ rights and data breaches under the General Data Protection Regulation.

Information Security: This checklist allows organisations to evaluate their data protection compliance in specific areas: cybersecurity and information risk and policy, mobile and home working, protection against malware, removable media and controlling access to data.

Direct Marketing: Businesses involved in direct marketing will benefit greatly from this checklist. Any organisation that sells products and services or promotes ideals and aims should complete it. It assesses the organisation against the requirements of the Privacy and Electronic Communications Regulations and the latest data protection regulation. The checklist evaluates areas such as consent; telephone, email, text and postal marketing activities; and consent for bought-in marketing lists.

Records Management: This checklist evaluates an organisation’s efforts to manage its records and how it safeguards the personal information of its customers. The checklist looks at areas such as off-site storage, record creation, on-site storage, access to the information, tracking, and disposal of data.

Data Sharing: This checklist evaluates an organisation’s data sharing policy and agreements, how it monitors compliance, maintains records of sharing, handles registration and the processes it has in place when a request for the data is made.

CCTV: The ICO’s set of checklists also includes one covering CCTV. It helps a company assess whether it complies with the regulations governing CCTV systems. The checklist evaluates areas such as installation, public awareness, management, operation and signage.

Final words

Organisations in the UK should use these checklists to confirm their data protection compliance. Thankfully, when they answer the questions related to website security, they have nothing to worry about with CWCS Managed Hosting, as they can opt for Web Inspector and ensure they enjoy optimal security while hosting their website.
