Methodology
Methodology & Scope
Purpose of the Snapshot
The Data Handling Snapshot helps you see more clearly how personal data is handled in day-to-day work, and where things may be uncertain or inconsistent under GDPR or UK GDPR.
It is a structured way to spot where a bit more clarity or an internal conversation might help.
How the Snapshot Works
The snapshot uses a structured set of questions that focus on how data handling is understood and described across a business, rather than how it is documented or formally approved.
Participants respond based on current practices, typical workflows, and shared understanding within their business.
The questions are designed to surface how things actually work in practice, including where ownership, tool use, or processes are informal or assumed rather than clearly defined.
These areas are not assessed in isolation. The snapshot looks for combined patterns that may indicate uncertainty rather than single point issues.
Areas Covered
The snapshot explores several areas that tend to matter when data protection shows up in everyday work, including:
Data Handling
What personal data the business handles, where it originates, and how it moves through day-to-day work.
Shared Understanding
Whether everyone involved shares roughly the same understanding of how personal data is handled, or whether one person holds most of that knowledge.
Tools and Platforms
How personal data moves across the tools and systems used in normal work, and how clearly that movement is understood.
Third-Party Tools and Services
Whether external tools, platforms, and services that handle personal data are clearly understood, and how that understanding is maintained.
Ownership and Responsibility
Where responsibility for data handling decisions currently sits, and whether that is explicitly held or informally understood.
Decision Clarity
How clearly it is understood who is involved and who decides when a data-related question or situation arises outside normal work.
Alignment Between Practice and Process
How closely day-to-day practices reflect what is documented or understood across the business, and where those two things may have drifted apart.
Confidence
How clearly GDPR considerations are understood in day-to-day work, and whether that understanding is consistent across the people involved.
How Responses Are Interpreted
Responses are evaluated by looking for consistency across answers, indicators of clarity or ambiguity, and alignment between understanding and practice.
The outcome is a written description that reflects the patterns present in the responses. No score or category is shown.
What the Snapshot Is Designed For
The snapshot supports internal discussion. It gives you a shared reference point when data handling comes up, and a starting position before involving a solicitor or DPO.
Data Handling and Privacy
The snapshot is designed to minimise data collection. No personal data is requested to complete the assessment. Responses are processed solely for the purpose of generating the snapshot outcome.
Payment is handled separately by a third-party provider. Further details are available on the Privacy page.
Use of Results
Results should be treated as an informational input, not a definitive conclusion. They are most effective when used to prompt discussion and identify where further clarity may be needed.
Scope Limitations
The snapshot focuses on general patterns commonly seen in day-to-day data handling. It does not account for highly specialised processing activities, sector-specific requirements, or complex contractual arrangements. For those situations, specialist advice is appropriate.
In Summary
The Data Handling Snapshot turns how you describe your work into a clear account of how personal data is handled across your business. Use it as a starting point for internal discussion, a client conversation, or a professional review.