This Self Assessment questionnaire will help organizations understand the maturity of their Privacy Practices. The Assessment has been designed based on key Privacy Frameworks & Regulations (i.e. including the upcoming India Personal Data Protection Bill).
Before undertaking the self assessment, you should first determine whether you process Personal Data as a “Controller/Fiduciary” or “Processor”.
You would qualify as a Controller/Fiduciary if you process Personal Data of your customers for offering your own products and services and you determine the type of Personal Data that needs to be collected and how it will be used. E.g. A Bank processes Personal Data of their customers to provide services. Hence the Bank is a Controller/Fiduciary.
You would qualify as a Processor if you process Personal Data on behalf of other organizations (Controller). E.g. If the Bank has outsourced their Customer Care to a 3rd Party Call Center. The Call Center only processes the Personal Data on behalf of the Bank. Hence the 3rd Party Call Center becomes a “Processor”.
Please select the appropriate questionnaire based on your role.