The self-assessment questionnaire shall be completed in such a way as to first identify the main area covered by the safeguards and whether the business operator applies it in its business, and then objectively places a label for each measure (e.g. X) in a column depending on whether the said measure is in place, not applicable or not (e.g. the business operator does not use the said device) (answer n/a).
Once the questionnaire has been completed, it is presented at the beginning the safeguards established by the data controller, and at the end the safeguards that need to be established. Safeguards which are not applicable shall not be presented.
The objective is to have protection measures in place for all applicable measures.