Answer 12 quick questions about how your business collects, stores and shares personal data. You'll get an instant GDPR risk level, a readiness score and a prioritised list of the gaps to fix first.
This self-check is an indicative guide based on Regulation (EU) 2016/679 (GDPR) and is not legal advice. A formal assessment requires a professional review of your specific data processing.
This free GDPR test is a 12-question compliance self-check quiz that takes about two minutes. It looks at two things:
When you finish, the quiz instantly calculates your GDPR risk level, a readiness score out of 100 and a prioritised list of gaps mapped to the relevant articles. Nothing is sent anywhere unless you choose to email yourself the report — scoring runs entirely in your browser.
The test places you in one of four risk levels based on the data you handle and the gaps you report:
Your answers show sensitive personal data handled with informal tools and major gaps in the basics. This is exactly the profile that turns a lost phone, a misaddressed email or a single complaint into a reportable breach and an enforcement case. Acting now is urgent — and far cheaper than an incident.
You're processing personal data with several important controls missing. You may be compliant on paper but not in practice, and you're exposed to complaints, data-subject requests you can't answer, and breaches you can't contain. A focused remediation closes most of this quickly.
You have the foundations but there are real gaps that a regulator, a client or a data-subject request would expose. Tightening a few areas — consent, retention, processor agreements, breach readiness — would put you in a solid position.
Your data handling looks well managed. The priority now is to keep it that way: documentation, periodic review and making sure new tools and staff don't quietly reintroduce risk. A light review can confirm you're fully covered.