GDPR Checklist
Please complete this form for an indication of your GDPR compliance.
18 Questions
1. Business Name
Please provide the name of your business or organisation.
2. Email (required)
Please provide a contact email.
3. Have you assigned responsibility for Data Protection to someone in your organisation? (required)
There should be an individual responsible for data protection issues.
4. Have you established if you are a Data Controller or Data Processor?
A Data Controller decides what data is collected and how it is used. A Data Processor carries out actions under the instructions of a Data Controller.
5. Do you know which international data protection laws apply to you?
There are currently over 130 different international data protection regulations.
6. Have you registered with the Information Commissioner's Office (ICO)?
Almost all businesses will need to register with at least the UK regulator.
7. Do you have a Record of Processing Activity (RoPA) or Data Map?
This is a record that contains everything about the personal data that you process.
8. Do you have compliant Privacy Notices for the collection of personal data?
Privacy Notices need to contain specific information about how you collect personal data.
9. Do you have a complete set of Data Protection Policies and Processes?
These should cover all the requirements related to how you collect, process, share, store, transfer and delete personal data.
10. Do you follow a recognised Cyber Security Framework?
Common ones are Cyber Essentials, NCSC Top 10, CIS Top 20 or ISO27001.
11. Have you carried out risk assessments on the personal data you process?
These can include cyber security assessments and Data Protection Impact Assessments (DPIA).
12. Are all your staff trained to the required level?
Training and awareness are mandatory for all staff handling personal data.
13. Do you monitor or track your performance against key data protection indicators?
Examples include how many requests you receive, how long it takes you to respond to them and how much personal data you hold.
14. Do you conduct supplier or third-party risk assessments?
You should risk-assess any party that you share personal data with.
15. Do you exercise or practise incident and breach responses?
This enables you to manage breaches more effectively if the worst happens.
16. Are you independently audited for Data Protection compliance?
This can give early indications of any weaknesses, and also provides evidence to suppliers that you take Data Protection seriously.
17. Can you show your clients and customers how you protect their personal data?
Alignment with recognised frameworks, industry certifications and independent audits are a great way to show your clients how seriously you take the protection of their data.
18. Your Score
This score provides an indication of how compliant your GDPR framework is. If you have scored over 13 you are most of the way there, but there is probably still room for improvement.
If you would like a more detailed picture of how you can improve, press submit and we'll get back to you.