IAPP GDPR Readiness Assessment
Powered by TRUSTe

FAQs

Other questions?

If you can't find your answer, send us a note: GDPRassessment@truste.com

Frequently Asked Questions

Overview

What is the IAPP GDPR Readiness Assessment Powered by TRUSTe?

The IAPP and TRUSTe have partnered to provide a comprehensive online assessment to help companies assess their readiness to meet the requirements of the GDPR. The assessment is available via a special single user version of TRUSTe Assessment Manager created for IAPP members. The assessment consists of more than 60 questions mapped to key requirements of the GDPR. After you answer the questions, you will receive a report summarizing responses along with recommended remediation steps for any items that are not consistent with the regulation.

Who wrote the assessment and remediation recommendations?

Assessment questions and remediation recommendations were carefully prepared by a team of TRUSTe consultants and analysts in conjunction with the IAPP Westin Fellows. The team has years of experience in analyzing privacy regulations, creating clear survey questionnaires, and providing best practice guidance for attaining compliance.

What standards is the assessment based on?

This high-level readiness assessment is designed to help companies understand the core obligations of the European Union's General Data Protection Regulation (GDPR), and determine which business processes they will need to review and implement in preparation for the GDPR. The GDPR is scheduled to take effect two years after its formally adopted by the Parliament and Council of the EU, and is expected to come in force by mid-2018.

This assessment is based on the final compromise text dated December 15, 2015. Note that references to sections of the GDPR text (article numbers) may change in the final, formally adopted Regulation. TRUSTe will update this template at that time to ensure GDPR references are correct.

Is this a Certification?

No. This is a self-assessment tool that helps the user identify potential areas of concern allowing them to remediate any issues internally before the compliance deadline.

What is Assessment Manager?

TRUSTe Assessment Manager is a module in TRUSTe's industry leading Data Privacy Management Platform, used by companies worldwide for ongoing privacy risk management and compliance.

Launched in March 2015, Assessment Manager was developed with the input of many well known global brands spanning a wide range of industries. Purpose built for managing privacy assessments, the SaaS-based Assessment Manager brings the benefits of automation to the privacy industry. Content features and functionality help teams greatly increase speed, efficiency, and consistency in conducting a wide range of privacy assessments such as PIAs.

Can more than one person in my organization get an account?

There is no restriction to the number of people within the same organization who can set up an account. The accounts are part of a special single-user version of Assessment Manager designed for the IAPP and information cannot be shared across accounts. Multiple user support is available via the full featured version of Assessment Manager.

Who can access my assessments?

You are the only user with access to your IAPP GDPR Readiness Assessment. Responses provided are confidential and neither IAPP or TRUSTe has any right of access. TRUSTe will provide technical account management support for your account and access as needed with your permission.

Can I use my IAPP GDPR Readiness Assessment for reporting purposes to a DPA?

The assessment is designed to provide a guide to help your organization prepare for the GDPR. It is not designed to be used for DPA compliance reporting. TRUSTe will be developing additional assessments which can be used to support DPA reporting requirements.

I am an existing TRUSTe Assessment Manager customer. What is the difference between my service and the IAPP GDPR offering?

A TRUSTe Assessment Manager account provides access to a wide range of additional templates. Assessment Manager users also have the ability to create and manage their own set of assessment templates. Moreover, Assessment Manager enables multi-user collaboration within your organization.

Account Set-up

How do I get set up with my IAPP GDPR account?

Visit iapp.org/truste-gdpr and provide some basic information to start the registration process.

Do I need to download any software or get my IT team involved?

No. The IAPP GDPR Readiness Assessment is a SaaS application. You only need a browser to register and begin your IAPP GDPR Readiness Assessment.

What browsers are supported?

Current versions of Firefox, Chrome, and Safari; as well as Internet Explorer 11 and later.

How long does it take to get my account created?

You can be up and running in relatively little time. After you register, your account will be automatically created. Within a few minutes you should receive an email containing a temporary activation code with instructions for entering this code and establishing your own password. Once completed you'll subsequently be brought to the "Welcome" page within your account. From there you are ready to go! If your activation code email doesn't come through, verify that the email you entered is correct and check your junk/quarantine folder. Email TRUSTe if problems persist: GDPRassessment@truste.com.

How do I reset my password?

If at any time you forget your password, click the "Forgot Password" link on the login page or go directly to: https://login-iapp.truste.com/login/forgotpassword. Enter your email address and you'll be sent instructions for resetting your password.

Assessment Management

Do I need to answer all of the questions before previewing the results of my assessment?

You can preview the results of your assessment after answering as few as one question by clicking on the Assessment link in the top navigation. This will enable you to get a better feel for the information contained in the report. Your answers are automatically saved so you can also come back and complete a project at a later time.

What if I answered the question(s) incorrectly?

You can change your saved answers at any time before you complete and submit the assessment survey and move it forward for review. In the review phase, because, you are also the reviewer, find the question and expand it using the "expand" button (+). Here you can click the Edit Response link and make the change. The change will also trigger an update to the status indicator.

How can I resolve issues?

During the review process you can drill down on responses that are flagged and click the Resolve button. From here you can decide to log the item as Approved or Approved with Exception. You can also add comments and upload relevant documents. Once the item is resolved the status indicator color will change, but remain identifiable for future reference.

How can I create remediation tasks?


Create a remediation task to document your plan at the question-level by clicking the button next to Resolve. You will have several options for customizing your remediation plan and by adding it the task will become part of the project log.

Can I assign tasks to other people?

Your free IAPP GDPR Readiness Assessment account allows for single user access. You can set task reminders for yourself within the system and you can follow up with other team members outside of the system and add comments or upload attachments to document their response.

Can I share the report with anyone?

The results from each assessment can be exported in PDF format.

Can I collaborate with others on the project?

The IAPP GDPR Readiness Assessment account does not support this feature. An upgrade to the full version of Assessment Manager enables multiple users within a single account. Users of TRUSTe's Assessment Manager are able to delegate assessment questions to multiple people and assign remediation actions to others. It also enables a variety of access and approval levels.

What do the icons in my assessment report Indicate?

The answer to this questions aligns with the GDPR requirements

The answer to this questions indicates a gap with the requirements of the GDPR and has been flagged for review

Flagged issue has been marked as resolved in the report

Appears in the report for assessments that are in survey status, i.e., the assessment is still in progress. The answer to this questions indicates a gap with the requirements of the GDPR and has been flagged for review. At this stage of the assessment, the answer may be updated or additional comments provided within the assessment questionnaire. Once the assessment questionnaire is complete the red flag will show as orange and you will be able to assign tasks and resolve the issue via the report.

Other

Is there a charge?

No. The IAPP GDPR Readiness Assessment is being offered free to IAPP Members.

How many IAPP GDPR Readiness assessments can I perform?

You can perform an unlimited number of IAPP GDPR Readiness assessments. Many companies will choose to run multiple assessments based on their corporate structure (e.g. a separate assessment for each Business Unit).

I am currently in the process of completing my TRUSTe privacy certification using Assessment Manager, can I use that account to also perform a GDPR or other type of assessment?

No. To maintain the integrity of Certification your assessment is set up so that the TRUSTe Privacy Solutions Manager is the project administrator and approver. The free IAPP GDPR Readiness Assessment account was designed as a separate version of Assessment Manager, streamlined for IAPP GDPR Readiness self-assessment and approval.

Can I export my IAPP GDPR Readiness Assessment to a TRUSTe Assessment Manager account?

The IAPP GDPR Readiness Assessment is a standalone service designed to help IAPP members define the steps they need take to be ready for the GDPR. If you decide to upgrade to TRUSTe Assessment Manager, you can save copies of your IAPP GDPR Readiness assessments and recreate them within a TRUSTe Assessment Manager account.