GDPR Self-Assessment

2018-06-14T08:34:17+00:00

Welcome to our GDPR Assessment Questionnaire 

Working closely with sole traders, micro and SMEs, we often find it best to start out with some basic questions to build a picture of how much each business knows about the personal data they use and the law that governs this.

To help with this, we have devised an initial assessment questionnaire with some key topics for discussion.

Your answers to the questionnaire below will allow us to determine quickly whether your business meets the GDPR requirements, and where there may be gaps in knowledge or procedures that we can help you focus on for compliance. If in doubt, select the ‘Not sure’ option and we can discuss it further with you.

A member of our team will contact you after you have submitted this questionnaire. Please allow up to 24 hours.

Business Name
Email Address
Telephone Number
What industry sector is your business in?

How many people work with you (employees and/or associates)?

Where do you trade your goods and services (where are your customers)?
Do you collect information about your clients, customers or end users (name, contact details, date of birth, health or payment details)?
Are you registered with the Information Commissioner's Office (ICO) as a business that processes people's personal information?
Do you keep customer or client personal information encrypted?
Do you collect only the minimum personal information that you need?
Do you ask for permission to use customer or client details in a particular way (e.g. to make sales calls, send marketing emails or newsletters)?
Do you give details to your customers about how you will use their information?
Is it easy and simple for a customer, client or supplier to withdraw or remove permission for their data to be used by your business?
Do you know exactly how much and what types of personal data your business processes, and have you documented this in any way?
Do you understand the term ‘data portability’ in relation to your customers’ data (and whether this applies to your business)?
Do you have an updated, GDPR compliant privacy notice?
Do you have a procedure in place to deal with data breaches in your business?
Do you have a subject access request procedure, so you know how to respond when people ask you what personal data you have on them?
How many third-party providers do you work with that may have access to the personal data you process, including software providers?
Do you know if any of your third parties (processors, suppliers, business partners) are GDPR compliant?
Have you, or any of your key employees, attended or hosted any workshops or training on the new data protection requirements?
Do you feel you understand the data protection requirements that the GDPR places on your business?