Tacita's assessments are undertaken remotely. All meetings are performed via voice conferencing (Microsoft Teams is our preferred platform). The total amount of your employee time to perform the full GDPR assessment is 6-8 hours. This includes pre-assessment and post-assessment meetings.
Step 1: Pre-assessment meeting. A Tacita representative will have a 30 min - 1 hour meeting with your organisation, outlining how the assessment works and who is required to be present. Typically, this would be your data protection officer or privacy manager (if you have appointed these roles), and normally the head of information security. Depending on the type of data processing that your organisation performs, other heads of department may be required e.g. head of HR or head of sales.
Step 2: Assessment. The Tacita assessment will take approximately 3-4 hours and involves meetings with your organisation's employees. The Tacita assessor will ask a suite of questions aiming to discover your current level of GDPR compliance.
Step 3: Follow-up meeting. Typically a few days later, the same Tacita assessor will have a follow-up meeting with the same employees. This meeting allows the assessor to clarify any answers which your employees have given in prior meetings. It also allows your employees time to provide answers to any questions that could not be given during the first meeting. This meeting normally lasts for 1 hour.
Step 4: Report. The Tacita assessor collates your organisation's answers and gives an assurance and criticality score for each question. These results are combined into one report where you will be given a total assurance score and criticality score for your GDPR compliance. The report will highlight the most important areas which you need to address, giving you recommendations for any issues.
Step 5: Report hand over. The Tacita assessor has another 1 hour meeting with your employees. In this meeting, the assessor briefly goes over the main findings of the report and highlights the immediate steps that should be taken to address GDPR issues.
If you have purchased Tacita's Standard Package, the report will contain an additional ‘solutions section’ which gives information on how to implement industry best practice. In the report hand over meeting, the Tacita assessor will also provide you with Tacita’s GDPR Toolkit. Tacita has a full catalogue of training material that can be used at your discretion. Included in this are: bite-sized presentations covering all key aspects of GDPR; templates for standard GDPR documents; procedures and guidance on how to execute GDPR processes (such as subject access requests); and recommended policies to implement.