EN - GDPR Self-Assessment

Data Collection

1. Do you have a clear privacy policy that explains what personal data you collect?

Yes, we have a comprehensive privacy policy We have a basic privacy policy but it needs updates No, we don't have a privacy policy

2. Do you obtain explicit consent before collecting personal data?

Yes, always with clear consent mechanisms Sometimes, but not consistently No, we collect data without explicit consent

3. Have you documented all the data sources (e.g., website forms, email marketing, third-party tools)?

Yes, all data sources are fully documented Most sources documented, but some gaps remain No, we haven't documented our data sources

Legal Basis & Processing

4. Do you have a documented legal basis for processing personal data?

Yes, clearly documented for all processing activities Partially documented, needs improvement No, we haven't documented our legal basis

5. Do you maintain records of your data processing activities?

Yes, comprehensive records are maintained Basic records, but could be more detailed No, we don't maintain processing records

6. Can users easily withdraw their consent at any time?

Yes, clear and easy withdrawal mechanisms are available Withdrawal is possible but the process could be clearer No, we don't have consent withdrawal mechanisms

Data Subject Rights

7. Can individuals easily request access to their personal data?

Yes, we have clear processes and respond within 30 days We handle requests but the process could be clearer No, we don't have established processes

8. Do you have procedures for data deletion requests (right to be forgotten)?

Yes, comprehensive deletion procedures in place Basic procedures, but need improvement No, we don't have deletion procedures

9. Have your employees or team members been trained on how to recognize and respond to data subject requests?

Yes, comprehensive training provided to all relevant staff Some training provided, but not comprehensive or regular No, staff haven't received specific GDPR training

Security & Compliance

10. Do you have appropriate technical and organizational security measures?

Yes, comprehensive security measures implemented Basic security measures, could be enhanced No, minimal security measures in place

11. Do you have a data breach notification procedure?

Yes, documented procedure with 72-hour notification timeline We have some procedures but they need refinement No, we don't have breach notification procedures

12. Do you have contracts (Data Processing Agreements) with your third-party providers (e.g., cloud, email, CRM)?

Yes, comprehensive DPAs with all third-party providers Some DPAs in place, but coverage is incomplete No, we don't have DPAs with third-party providers

Your GDPR Compliance Score

0%

Calculating your results...

Your Assessment Summary:

Data Collection:-

Legal Basis:-

Subject Rights:-

Security:-

Ready to Close Your Compliance Gaps?

Get your personalized GDPR compliance roadmap and expert guidance.

GDPR Self-Assessment