GDPR Quick Check

Step 1 of 5

Your company profile

We use this to personalise your GDPR analysis for your sector and data processing context.

Sector

Company size

Do you process special category data?

Do you have customers or users in the EU?

Company name (optional)

Step 2 of 5 — Legal Basis & Consent

Do you have a lawful basis for your data processing?

GDPR requires every processing activity to have a documented legal basis. Answer Yes, Partial, or No for each.

Have you identified and documented a legal basis (Art. 6) for every type of personal data you process?

Yes

Partial

No

Where you rely on consent, is it freely given, specific, informed, and unambiguous — and can users withdraw it easily?

Yes

Partial

No

Do you maintain a Record of Processing Activities (RoPA) as required by Art. 30?

Yes

Partial

No

Do you apply data minimisation — collecting only what is strictly necessary for each purpose?

Yes

Partial

No

Step 3 of 5 — Privacy Notices & Data Subject Rights

Are people informed and in control of their data?

GDPR gives individuals strong rights over their data. Transparency and rights fulfilment are among the most inspected areas by regulators.

Do you have a clear, up-to-date Privacy Notice (Art. 13/14) visible at all points of data collection?

Yes

Partial

No

Do you have a documented process to respond to Subject Access Requests (SARs) within 30 days?

Yes

Partial

No

Can individuals request deletion of their data ("right to be forgotten") and do you have a process to fulfil this?

Yes

Partial

No

Do you have a Cookie Policy and a functioning cookie consent mechanism on your website?

Yes

Partial

No

Step 4 of 5 — Processors, Security & Transfers

How do you manage third parties and protect data?

GDPR requires you to govern every third party that processes data on your behalf, and to apply appropriate technical and organisational security measures.

Do you have signed Data Processing Agreements (DPAs) with all third-party processors (Art. 28)?

Yes

Partial

No

Do you have a documented data breach response procedure, including notifying the DPA within 72 hours (Art. 33)?

Yes

Partial

No

Have you implemented appropriate technical security measures (encryption, access controls, regular audits)?

Yes

Partial

No

If you transfer personal data outside the EEA, do you have appropriate safeguards in place (SCCs, adequacy decision)?

Answer N/A as "Yes" if you do not transfer data outside the EEA.

Yes / N/A

Partial

No

Do you have a documented data retention policy and actually delete data when it is no longer needed?

Yes

Partial

No

Have your staff received GDPR awareness training in the last 12 months?

Yes

Partial

No

Step 5 of 5 — Get your results

Where should we send your report?

Your AI-powered GDPR gap analysis will be emailed to you instantly. Free, no commitment.

Your inputs are processed by our AI engine (Claude by Anthropic) using ephemeral processing — zero data is stored or used for model training. Results are AI-generated and do not constitute legal advice.

Your data is processed solely to generate and deliver your report. We do not share it with third parties. See our Privacy Policy.

How GDPR-ready
is your company?

Your company profile

Do you have a lawful basis for your data processing?

Are people informed and in control of their data?

How do you manage third parties and protect data?

Where should we send your report?

Analysing your GDPR posture…

🎯 Top Priorities

⚠️ GDPR Articles at Risk

Need a full GDPR compliance roadmap?

How GDPR-readyis your company?

Your company profile

Do you have a lawful basis for your data processing?

Are people informed and in control of their data?

How do you manage third parties and protect data?

Where should we send your report?

Analysing your GDPR posture…

🎯 Top Priorities

⚠️ GDPR Articles at Risk

Need a full GDPR compliance roadmap?

How GDPR-ready
is your company?