← Work

Data Protection Assessment Tool

Atlancis Technologies · December 2024 – present · dpo.atlancis.com

A data protection framework shared informally with a colleague ended up in front of senior management. The company had no appointed DPO, and a role in acting capacity came from that conversation.

The first thing I built was an assessment toolkit: an eight domain framework covering governance, data processing principles, data subject rights, security measures, breach management, international transfers, training awareness, and documentation. Each domain broken into subsections, scored on a 1–5 scale, with priority action areas surfaced from the lowest scores.

The manual version did not scale. Collecting responses across departments meant chasing people over email, consolidating scores by hand, and producing reports that were stale by the time they circulated. The application replaced that process.

Admins create assessments and assign specific sections to specific users. Each assessor sees only their sections and completes them independently. The system tracks responses per user per section, multiple people can work the same section simultaneously without conflicts. Scores aggregate automatically, priority gaps surface in the results view, and reports export without manual compilation.

Built in Django, templates and forms for the frontend, PostgreSQL for persistence, Docker Compose for deployment, SMTP for assignment and approval notifications. Role-based access separates admins, assessors, and viewers. The assessment structure maps directly to GDPR and KDPA compliance domains so the output is usable without translation.

In active use across departments since early 2026, with questions still being populated as the programme matures.