GDPR Readiness Assessment
15 questions. 5 minutes. Instant personalised gap report with specific policy recommendations for every area you're missing.
Quick answer. A GDPR readiness assessment scores your current data-protection posture against the UK GDPR and EU GDPR Article 5(2) accountability requirements: documented privacy notice, ROPA (Article 30), DPIA process (Article 35), DSAR procedure, breach notification (72-hour ICO window), processor DPAs (Article 28) and lawful-basis register. This free tool covers the 15 highest-risk areas and produces an instant ICO-shaped gap report — no sign-up, browser-only, five minutes.
Area-by-area breakdown
Quick answer. Your answers are scored across the five areas above. Green means the documentation for that area is broadly in place, amber means partial or untested, red means missing. Remediate the red areas first — they carry the regulatory exposure the ICO acts on most often.
Recommended policy packs to close your gaps
Quick answer. These recommendations are ranked by the specific gaps you flagged. Each pack generates the missing documents — privacy notice, retention schedule, breach-response plan, DPIA template — citing the UK GDPR articles they implement, so every policy traces back to the obligation it satisfies.
Ranked by the specific gaps you flagged. Pricing is live from our pricing engine.
📄 Get the full PDF report
Detailed gap analysis, mapped to UK GDPR articles, with a remediation checklist. Sent straight to your inbox.
Questions about this tool
Quick answer. Short answers on scope and accuracy. The check covers the fifteen most common UK GDPR documentation gaps, built from ICO enforcement actions and EDPB guidance — but it is a directional check, not a formal audit and not legal advice.
Is this really free?
Yes. There's no charge and no signup required to see your score. We only ask for your email if you want the detailed PDF report.
How accurate is it?
It covers the 15 most common GDPR gaps we see across PolicySuite customers. It's not a formal audit but it reliably flags the highest-risk areas. We built the question set from UK ICO enforcement actions and EDPB guidance.
What happens to my answers?
Your answers are processed entirely in your browser — nothing is sent to our servers unless you submit your email for the PDF. See our privacy policy.
How the GDPR readiness check works
Quick answer. The readiness check walks the eight ICO accountability framework areas and the GDPR Article 30 ROPA requirements, then surfaces the policies most controllers find missing or outdated against current EDPB guidance. Bespoke generation typically replaces a £5,000–£15,000 consultancy engagement with a one-off £400 pack — a 12× to 38× cost reduction with the same audit-readiness.
References and primary sources
Quick answer. The guidance above is cross-referenced against the primary-source documents below. Each link resolves to an official regulator or standards-body publication so the chain stays intact end-to-end.
- ICO accountability framework — UK regulator practical guidance for personal-data handling.
- European Data Protection Board — binding EDPB guidelines on cross-border data transfers.
- ISO/IEC 27001:2022 — the international information-security standard most policy frameworks map to.
- legislation.gov.uk — official UK statute referenced inside policy text.
- NCSC Cyber Essentials — UK government cyber baseline for security policies.
The documents that survive enterprise vendor review and regulator scrutiny cite their primary sources clause by clause. Many UK SMEs first discover a policy gap when a buyer’s legal team challenges a generic phrase — for example, a citation to guidance that has since been revised. Checking each policy against the sources above closes that gap before someone else finds it.