Take a 10-Minute GDPR Readiness Assessment

This anonymous tool can help you identify potential gaps in your organization's capability to demonstrate compliance with GDPR principles.

Your score and recommendations are available immediately, and we do not ask for any contact information.



Your GDPR Readiness Assessment

To get the most value out of this exercise, we encourage you to provide objective answers. The tool is completely anonymous, and we do not ask for contact information before downloading the results.
We have determined if we are required to appoint a Data Protection Officer (DPO), appointed one if necessary, and communicated their contact details to the local supervisory authority.

We have established a privacy team, assigned privacy-related responsibilities throughout our organization, and organized specific training

We have an updated record of the personal data processing activities carried out under our responsibility (GDPR controller register).

We have an updated record of all categories of processing activities carried out on behalf of other organizations (GDPR processor register).

The purpose for each personal data processing activity is clearly described

The lawful basis for each processing activity is determined

A legitimate interest analysis (LIA) was conducted for processing activities based on legitimate interest

Controls are in place to ensure valid consent is obtained (if applicable)


This is a high-level assessment. Your report will include comments and suggestions for a more detailed analysis on each topic.
For each processing activity, we explained why the data is needed, and controls are in place to minimise data collection and processing

We have a ‘Data Quality Policy’ and controls are in place to ensure data accuracy

We have determined the data retention period for each activity and created a ‘Data Retention Policy’

We have a 'Data Anonymisation/Pseudonymisation Policy'

We have a 'Media Destruction, Retention & Backups Policy'


Unless you have an unlimited budget, there is no such thing as perfect compliance. Identifying and prioritizing high-risk areas will help you focus where it makes the biggest difference.
We created an organization-wide inventory of data supporting assets

Each data supporting asset was analyzed to identify threats and vulnerabilities

Privacy and security controls are implemented for each data supporting asset

We have a system in place to ensure that planned privacy and security controls are implemented

We have a ‘Vendor Selection/Onboarding Procedure’

Each vendor involved in data processing activities is subject to a periodic security assessment

We have determined what security policies we need and created them

We keep a security incidents log and have a data breach response and authority notification procedure


Did you notice that the questions have a specific order? They're based on the much more detailed project-plan feature available in Sypher, which is designed to help you avoid gaps in your documentation.
We created the necessary privacy notices

We have a system in place to identify relevant changes that require an update for the privacy notices

We have a ‘Data Subject Requests Management Procedure’ and response templates

Controls are in place to ensure data subjects' rights are protected

We have a system to identify all third country transfers of personal data

The adequacy of each personal data transfer to a third country was assessed and documented

We have a system in place to assess the risk of each processing activity and to identify those that require a DPIA

We have a ‘Personal Data Protection Policy’

We have a disaster recovery plan that covers resuming the activities for which a DPIA was deemed necessary

We have a contract or data processing agreement in place with every data recipient that we work with

We have a reviewing system in place that ensures our ability to demonstrate compliance is verified and confirmed on a regular basis
