13. 1. Does our organisation view privacy as a core
risk to be managed?
2. Who is in charge of privacy in our leadership
structure?
3. Does our privacy officer have enough authority?
4. Does our organisational culture value privacy?
5. Can we publicly show how our privacy goals are
being met?
6. Do our information systems use privacy by
design?