Checklist for EU GDPR
1) Is there any draft questionnaire or checklist for compliance with the EU GDPR? For example, a set of questions that any company (possibly from different industries) answers to show its compliance with the GDPR. If one exists and you know of it, kindly forward me such a link.
Answer: Unfortunately, the EU GDPR is not our main area of expertise (we work with ISO standards). Regarding the specific clauses of the EU GDPR, I suggest you consult the GDPR site (https://www.eugdpr.org/more-resources-1.html). On this page you will find links to legal evaluations and other compliance information considered relevant to the GDPR.
2) DLP in itself says that there should be no data leakage from the organisation, so one has to monitor data at rest, in transit and in motion. But if you monitor all of an employee's data, it invades their privacy, which is against personal liberty. I am trying to figure out the threshold up to which data can be monitored and beyond which monitoring invades privacy. Is there a draft set of rules or laws that specifically implement DLP while keeping in mind the personal liberty of the employee? Along with this, the DLP monitoring should be compliant with the EU GDPR as well.
Answer: Privacy laws can be very different from country to country, so it is very difficult to identify common thresholds. In terms of ISO 27001, good practices would be:
- Establish enterprise-wide network and systems usage policies, so there are clear rules about what can be sent or received through organization resources
- Ensure every employee is aware of monitoring practices by means of newsletters and other forms of organizational communication. This measure can also help prevent undesirable data losses.
For our Acceptable Use Policy template, you can take a look at this link: https://advisera.com/27001academy/documentation/it-security-policy/
You just need to scroll down a little to find the free demo tab.
May 25, 2017