GDPR self-assessment questionnaire

If you hold data on individuals, you will be affected when the Data Protection Act is replaced by the General Data Protection Regulation on 25th May 2018. 


This questionnaire is completely free, and anonymous (we will not even ask you for your email address).

You will instantly see your score upon completion of the questions and you will have the opportunity to review your responses.

The survey is contained on 3 pages and should take no longer than 5 minutes. 

Note that this is not an audit; the questionnaire is intended to help you understand key issues and offers an indication of your current readiness. Compliance requires specific advice and implementation pertinent to your organisation.

Although results will be used to analyse general GDPR knowledge, you will in no way be identified.

Is GDPR non-compliance on your company risk register? *

Have you discussed GDPR with your insurer? *

Do you have a designated Data Protection Officer? *

Does anyone outside your business have access to your data? *

Do you have a process for breach reporting? *


Do you seek direct consent for use of the data from the subject? *

Do you record the purpose of data collection? *

Do you ensure that data is only used for the intended purpose? *

If data is "repaired", can you record what it was previously and the reason for change? *

Are you able to process data access requests? *


Do you store any data on systems outside your direct control? *

Are you able to erase stored IP Addresses if requested? *

Are you able to erase data without damaging business data integrity? *

Do you know that your data is secure? *

Is your data accurate and up to date? *

Can a record be exported in a portable and open format? *