Welcome!

You’ve been directed to this form as part of an important fact-finding mission… We’re working with your employer to help them review what kinds of personal data flow through their organisation, who has access and what kinds of risks might be attached. It’s important you fill this form out fully and to the best of your knowledge. This process will form part of our data audit and guide steps to comply with the data protection laws, so please be aware that any attempt to hide information could leave your employer liable for serious legal repercussions, and may be dealt with as a disciplinary matter. If you’d like to learn more about the General Data Protection Regulation feel free to browse the rest our site before continuing or see the Information Commissioner’s Office guidance at www.ico.org.uk.

Before you proceed

Some questions below may seem a little odd, but they’re all part of the process of ensuring that personal data continues to be processed within the law. If you’re concerned that your working methods may be non-compliant: don’t panic, just be honest – this whole process is to work out what is going on within the organisation, to map data flows and change practices where appropriate.


Please give the full name of the organisation you work for.
Under the new data protection laws it is necessary for your employer to have full details of, and control of, all personal data that relates to its operations. Please give any details of relevant data you collate yourself, such as a contact book, contact details in your own device/s or details you keep at on your own systems or at home. Please take care to disclose anything potentially relevant and note that failure to do so may be treated as a disciplinary matter.
Please note that no blame will be attributed to anyone as a result of a disclosure made in good faith and no names should be disclosed. This doesn't have to relate to an act or omission by you, but should include anything you are aware of or have heard of from others.
This is your opportunity to give us your ideas and suggestions on how data protection should be governed in your organisation. If there is any data your employer processes about you or others you feel is inappropriate please provide details here.

Privacy Notice
Some of the data we collect as part of this questionnaire will constitute personal data and as such falls under the General Data Protection Regulation. For the purposes of this fact-finding process, the data we collect is controlled by GDP Armour (the Data Controller). We will only process this information for the purpose of completing our audit process and to provide advice to our clients on the categories of data they hold, the purposes for the data being collected, how data flows through their organisation, which categories of employees or workers have access and how data is stored and kept secure. These purposes are justified under Article 6(1, f) of the GDPR, that they are necessary for our legitimate interests, namely that we produce a comprehensive study of data flows in the course of advising our clients. The data we collect as part of this form will be stored and processed only for as long as it takes to produce a report for our client, which we call an Information Asset Register. No part of this report contains any actual personal information. Data is stored with our secure cloud hosts, FastHosts.co.uk on secure servers in Europe, and Dropbox.com in Europe and the US. We also store data on company IT systems which are encrypted and password protected. As part of this process we may pass the data we collect on to your employer, who for the purpose of this exercise will be a Joint Controller. If you wish to make a disclosure to us in confidence please email surveys@gdparmour.co.uk. If the purpose for processing any part of this data changes we will notify you in writing. Under the GDPR you are entitled to certain rights, including the right to erasure, objection, rectification, restriction and to access the data we hold about you.  All Subject Access Requests should be directed to our chief data officer, David Charity, at info@gdparmour.co.uk, and will be completed within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office – please visit www.ico.gov for more information.