(Reading time: 2 - 3 minutes)

b is for baseline measurementThe other day a client had approached me for a GDPR Quick Scan and a Risk Quick Scan. I sent them a list of documents I needed to look over before making the actual appointment at their organization. A few days later the client had said that they’d also had a scan done last year and felt that they should probably use those results instead of having a new scan.

I spoke with the client and explained that it’s wonderful that they already have scans to compare with! You see, scans are snapshots of your current situation and last year's scan doesn't tell you anything about where you stand today. So, having regular (yearly at least) scans is extremely useful to compare and see trends.

2 types of information to assess your risks

In order to assess risks you basically need 2 types of information:

1.      Information up until today (which we call your analysis)

  • Previous scan results
  • Incident reporting
  • Data breach reporting
  • Results from interviews, questionnaires, etc
  • etc.

2.      Information starting from tomorrow onwards (which we call assessments)

  • Trends (also using previous scan results)
  • PESTLE assessment
  • Horizon scanning
  • Asset Value Management
  • etc

Why do I need a baseline measurement?

You might wonder why you need a baseline measurement (or quick scans). The answer is simple. If you’ve never had one before you need to know where you stand. If you have had one, it’s important to know if and how things have changed (for better or worse) so you can respond accordingly.

What does a baseline measurement tell me?

The results of the baseline measurement / quick scans offer action points that are categorized using the MoSCoW method (Must haves, Should haves, etc.). If you don’t know where you are, you don’t know what obstacles lie ahead which ultimately means that your business continuity is at risk. You are unprepared for all risks and once the proverbial hits the fan you’ll only be there cleaning up messes but not actually dealing with the problems. You just won’t have the time, budget and / or resources. So, to prevent that, it’s important to know what lies ahead and to tackle as many risks as you can. A baseline measurement is step one!

Do you need advice or help?

If you’d like a GDPR Quick Scan or Risk Quick scan or a more extensive baseline measurement, please contact me

Would you like to know more about GDPR and Risk Management? Sign up now for the 60 Day Challenge

Sign up via or check out for more info!


60 day challenge flyer promotional flyer