00) Does your organisation collect, process, or store personal data as defined under GDPR, other than that of your own employees?
GDPR Scoping
Written by Haydn Brooks
Created on March 18, 2019
Modified on October 12, 2020

Scoping question. Answer yes if your organisation collects personal data of data subjects residing in the European Union as defined by GDPR, other than the personal data of your own employees.

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.

The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified through reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier.

How to implement the control:

More information about GDPR can be found here.

Risk Ledger recommends CyberSmart as a useful tool for helping you to comply with GDPR.
