1. Do you plan on investing in technology specifically to comply with GDPR in the next 12 months? Possibly. We are evaluating our systems and potential products that may assist with compliance.
2. Have you implemented information security network(s)? Have those networks been updated to take account of GDPR? No
3. Nearly six months after GDPR has come into effect, have you completed an assessment and validation with all third-party organisations you work with regarding GDPR compliance? Yes – work in progress
4. Do you monitor the compliance of all the third-party organisations you work against your information security? Yes
5. Under the new rules, have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation? Yes
6. Have the employees in your organisation received training on data protection and other relevant law? Yes