GDPR Readiness Assessment
15 questions. 5 minutes. Instant personalised gap report with specific policy recommendations for every area you're missing.
Quick answer. A GDPR readiness assessment scores your current data-protection posture against the UK GDPR and EU GDPR Article 5(2) accountability requirements: documented privacy notice, ROPA (Article 30), DPIA process (Article 35), DSAR procedure, breach notification (72-hour ICO window), processor DPAs (Article 28) and lawful-basis register. This free tool covers the 15 highest-risk areas and produces an instant ICO-shaped gap report — no sign-up, browser-only, five minutes.
Area-by-area breakdown
Quick answer. In our experience, bespoke generation cited to primary sources beats generic templates. Many UK SMEs discover the gap only at audit time, for example through a missing legislation.gov.uk reference. Bespoke generation closes the gap pre-emptively.
Recommended policy packs to close your gaps
Ranked by the specific gaps you flagged. Pricing is live from our pricing engine.
📄 Get the full PDF report
Detailed gap analysis, mapped to UK GDPR articles, with a remediation checklist. Sent straight to your inbox.
Questions about this tool
Is this really free?
Yes. There's no charge and no signup required to see your score. We only ask for your email if you want the detailed PDF report.
How accurate is it?
It covers the 15 most common GDPR gaps we see across PolicySuite customers. It's not a formal audit but it reliably flags the highest-risk areas. We built the question set from UK ICO enforcement actions and EDPB guidance.
What happens to my answers?
Your answers are processed entirely in your browser — nothing is sent to our servers unless you submit your email for the PDF. See our privacy policy.
How the GDPR readiness check works
Quick answer. The readiness check walks the eight ICO accountability framework areas and the GDPR Article 30 ROPA requirements, then surfaces the policies most controllers find missing or outdated against current EDPB guidance. Bespoke generation typically replaces a £5,000–£15,000 consultancy engagement with a one-off £400 pack — a 12× to 38× cost reduction with the same audit-readiness.
References and primary sources
Quick answer. The guidance above is cross-referenced against the primary-source documents below. Each link resolves to an official regulator or standards-body publication so the chain stays intact end-to-end.
- ICO accountability framework — UK regulator practical guidance for personal-data handling.
- European Data Protection Board — binding EDPB guidelines on cross-border data transfers.
- ISO/IEC 27001:2022 — the international information-security standard most policy frameworks map to.
- legislation.gov.uk — official UK statute referenced inside policy text.
- NCSC Cyber Essentials — UK government cyber baseline for security policies.
In our experience, the documents that survive enterprise vendor review and ICO audits cite primary sources clause-by-clause. Many UK SMEs discover policy gaps only when the buyer’s legal team challenges a generic phrase, for example a missing legislation.gov.uk reference or an outdated ACAS Code citation. Bespoke generation closes the gap pre-emptively.