Choose the right assessment tool to find out how GDPR compliant your company is!

Identifying the extent to which your business currently complies with the GDPR is a prerequisite for taking the right steps to achieve GDPR compliance. An assessment tool is a tool that helps you determine just that. But how do you know which tool to use in your business? Here we have gathered a number of important points to consider when choosing an assessment tool.

What is an assessment tool?

In its simplest form, an assessment tool is a checklist that shows how much you can "check off" - and what else you need to do. It helps you by asking the right questions and should ultimately lead to some kind of action plan to guide you on your journey to GDPR compliance.

There are a number of assessment tools on the market, and the qualitative difference between them depends mainly on their comprehensiveness and detail. The risk with assessment tools that do not evaluate the business as a whole in detail is, of course, that some part is overlooked.

Assessment tools are often created for specific systems, apps and programs or for different units or functions within a business. For example, you can link an IT system to the tool, which then evaluates how compliant the system is. It is important not only to assess the IT platform and technical functions, but also to ensure that procedures and processes are evaluated.

The basic rule is that you can't just think about technology - GDPR compliance must permeate your entire business, not just your IT platform.

Assessment tool: creates the conditions for evaluating activities

Many times the evaluation can be difficult to interpret - just understanding the questions on which the evaluation is based can be difficult. This may be due to general ignorance of the requirements of the GDPR or vague and overly ambitious formulations in the questions.

To be able to use your assessment tool properly, you need to have at least a basic knowledge of the GDPR, and of course knowledge of the business you are assessing with the tool.

If you are working in a large company with many departments, it is important to work cross-functionally and to make sure that all parties handling personal data are represented in the evaluation process.

Evaluation alone is not enough

Getting a clear picture of what needs to be done is of course a big and important step in the right direction, but it is important to remember that just because you know what the situation is, you still haven't solved any of the problems. All the things you actually need to do to become compliant remain.

As a layman, it is very difficult to evaluate an assessment tool and compare it with other options - which tool to choose and why? In addition to the problems that arise if the tool is too system-specific or too general, the content of the evaluation only gives a clearer picture of the shortcomings. It does not give you any concrete help on what to do to address them. Therefore, make sure you choose a tool that also provides follow-up suggestions on how to address the shortcomings.

Keep this in mind when choosing and using your assessment tool:

  • How much of your assessment will you want to do on your own? Whether you can do everything yourself or get outside help often depends on the complexity of your business.
  • Ensure that the person conducting the evaluation has basic knowledge of both the business and the requirements of the GDPR.
  • Engage the whole business and work cross-functionally.
  • GDPR is not just about technology and IT - it permeates your entire business. Make sure your assessment tool doesn't just cover specific parts of your business or your systems and applications.
  • Choose an assessment tool that provides concrete suggestions on what to do to address the shortcomings.

Written by:

Robert Veberg

Head of Product & Quality

robert.veberg@upheads.se