This is a checklist of the things that should be taken into account when considering people’s privacy. It allows businesses to assess how well they are meeting a number of key requirements, grouped together under broad subject headings.
Each requirement is presented as a statement (with its legal necessity shown in brackets afterwards). For each requirement, simply click on the left-hand tab that most accurately reflects your current position.
On a laptop or desktop computer, leaving your answers open will allow you to print and save your results at the end of the checklist. This facility is not available on mobile devices.

SECTION 1: Governance – Organisation

1.1: The person within your organisation who is responsible for Data Protection has been identified and understands their role (good practice).

1.2: Your business is registered with the Information Commissioner’s Office and you have paid the appropriate fee (statutory requirement if applicable).

1.3: If required, you have appointed an appropriately trained and experienced Data Protection Officer (statutory requirement if applicable).

SECTION 2: Governance – Policy Framework

2.1: The processing of personal data in your organisation is directed by a Data Protection Policy that has been communicated to all staff (good practice).

2.2: Your Data Protection risks are well understood and managed (good practice).

2.3: You have in place documentation to ensure that your business is complying with all of the Data Protection Principles (statutory requirement / good practice).

2.4: Data Protection Impact Assessments are conducted before any significant or high risk processing of personal data is carried out (statutory requirement if applicable).

2.5: Your use of Data Processors is subject to appropriate due diligence and subject to clearly set out contractual terms (statutory requirement if applicable).

SECTION 3: Operations

3.1: All your staff who handle personal data have received training on Data Protection that is relevant to their role (statutory requirement).

3.2: Any use of cookies on your website meets the requirements of the Privacy and Electronic Communications Regulations (PECR) (statutory requirement if applicable).

3.3: Your use of payment card systems conforms to Data Protection standards (good practice).

3.4: Your direct marketing activities are carried out lawfully (statutory requirement if applicable).

3.5: Your use of CCTV is carried out lawfully (statutory requirement if applicable).

Thank you for completing our checklist. We hope that you found it beneficial.
If you had any red results, you need to take action to resolve them; we can help.


If your results were entirely green, that’s great news.
Whatever your results, please check out our solutions.


If there is anything we can help you with, please don’t hesitate to get in touch.
