On May 24, 2017, the Bavarian Data Protection Authority (“DPA”) published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation (“GDPR”).

The DPA announced that it has sent the questionnaire to 150 randomly selected Bavarian companies.

The questionnaire examines the following topics:

  • procedures relating to the GDPR and the Data Protection Officer’s responsibilities;
  • data processing activities, inventories and privacy by design;
  • onboarding of external vendors and data processing agreements;
  • transparency, privacy notices and individuals’ rights;
  • accountability, the risk-based approach and security measures; and
  • data breach notification.

The DPA noted that it will be increasing its investigations after May 2018, and that this questionnaire provides an indication of how the investigations will be conducted.

Read the questionnaire (in German).

Read the press release (in German).