Organisations that have elected to undertake Data Privacy Register registration will be required to complete a rigorous self assessment that interrogates their privacy related processes and policies. Organisations are required to demonstrate that they are compliant with the Data Privacy Register framework.
Upon submission, registrations are entered into our automated risk assessment robot, which analyses inconsistent answers and flags risks within the organisation's submission. Our robot also matches responses within an organisations self assessment to publicly available information, such as privacy policies and terms of service to ensure accuracy.
Once the assessment phase is complete, organisations which have successfully demonstrated compliance with the Data Privacy Register framework will be issued registration. Registered organisations are entered onto the Data Privacy Register and will be granted a license to display the registration symbol.
Organisations are required to maintain compliance with the Data Privacy Register framework, and are required to re-certify every twelve months.