Check your GDPR Readiness in five minutes!

Thank you for taking the time to complete this short GDPR assessment. It contains 15 questions and should take no more than 5 minutes of your time to complete. Once we get your completed form, we will be able to provide you with free constructive feedback based on your answers.

Q1. Did my organisation define, agree upon & communicate a data privacy and data protection (DPP) strategy?

Q2. Is the data privacy and data protection strategy aligned with the business strategy and have the data & IT strategy been updated accordingly?

Q3. Has my organisation defined, documented and understood the scope of personal data (across all relevant processes and applications/systems)?
(Documentation includes agreed business terms & definitions for each personal data object & mapping to relevant physical (db, ...) objects & structures.)

Q4. Has my organisation categorised its personal data (functional, risk based & security based)?
(Taking into account that certain data objects could change categorisation based upon the context in which they are used.)

Q5. Has data governance been set up and is it clear who owns which types of personal data, who manages it, who is working with it (stewards) and how the data governance organisation & the DPO organisation will collaborate?

Q6. Is it clear which personal data poses a higher data privacy and data protection risk (across the organisation's processes & applications/systems)?

Q7. Has the organisation listed all specific purposes for which personal data is stored & processed and has all personal data been linked to at least one purpose?

Q8. Is there a legal ground for all personal data that's stored and/or processed and is all consent linked to a specific purpose (which was clearly explained at the point of gathering consent) and explicitly given?

Q9. Do I regularly measure the quality of all personal data and is all personal data of good quality according to a set of defined business and technical rules & validations?
(Good quality also implies a single version of the truth - avoiding different versions of "good quality".)

Q10. Does my organisation have a plan and approach on how to demonstrate compliance?

Q11. Did my organisation update all relevant contracts with customers, processors & (joint-) controllers?

Q12. Is there sufficient understanding of the implications of Privacy by Design & by Default and have all (relevant) legacy solutions been updated according to these principles?

Q13. Does my organisation have sufficient insight and access to personal data in order to adhere to all rights of the data subject (includes the data portability right - both when porting and receiving ported data)?

Q14. Is the IT department already involved & actively working to implement GDPR?

Q15. Is my organisation fully aware of GDPR and has a communication (incl. training) plan been rolled out?