GDPR Self-Assessment
Quick privacy maturity self-check for SMBs. All sections submit together. No sensitive data collected.
⚠️ Highlighted fields are critical GDPR controls.
Date
First Name
Last Name
Email
Organization
Section 1 — Governance & Accountability
Has your organization formally identified whether it processes personal data as defined under the GDPR?
Have you appointed a Data Protection Officer (DPO) or a person responsible for privacy compliance?
Is there a register of processing activities (RoPA) maintained and updated regularly?
Do employees receive regular GDPR awareness or privacy training?
Do you have a documented data protection policy approved by management?
Section 2 — Lawful Basis & Data Handling
For each processing activity, is there a clearly documented lawful basis (e.g., consent, contract, legal obligation)?
Are data minimisation principles applied (only collect what’s needed)?
If consent is used, is it freely given, informed, and recorded?
Can individuals easily withdraw consent at any time?
Are data retention periods defined and enforced?
Section 3 — Data Subject Rights
Do you provide a clear privacy notice explaining how data is used?
Can individuals easily exercise their rights (access, rectification, erasure, restriction, objection, portability)?
Do you have a process for responding to data subject requests within one month?
Are requests tracked and logged for accountability?
Have employees been trained to recognise and escalate privacy requests?
Section 4 — Security & Breach Management
Have you implemented appropriate technical and organisational measures (TOMs) for data protection?
Are personal data stored in secure systems with controlled access?
Are data breaches detected and reported according to a documented process?
Have you tested your incident response procedure in the last 12 months?
Do you keep a breach register, even for incidents not reported to the authority?
Section 5 — Third Parties & International Transfers
Do you use data processing agreements (DPAs) with all third parties handling personal data?
Are third-party processors regularly reviewed or audited for compliance?
Do you transfer personal data outside the EEA (e.g., to cloud services)?
If yes, are appropriate safeguards in place (e.g., SCCs, adequacy decisions)?
Do you maintain an inventory of all third-party data recipients?
Section 6 — Continuous Improvement
Do you perform regular GDPR self-assessments or audits?
Are privacy considerations integrated into new projects (Privacy by Design / Default)?
Does top management review privacy risks and KPIs periodically?
Is GDPR compliance part of your overall information security or compliance framework?
Have you assigned budget or resources for ongoing privacy improvement?
The data collected from this survey will be used to compile a first-pass GDPR maturity snapshot. Once complete, all survey data will be permanently deleted.
As part of our EU compliance expertise, we also offer a free GDPR Gap Analysis based on your public website.