GB EN IT IT ES ES
Free tool · No sign-up · 2 minutes

How exposed are you under the GDPR?
Take the free GDPR test & self-check quiz.

Answer 12 quick questions about how your business collects, stores and shares personal data. You'll get an instant GDPR risk level, a readiness score and a prioritised list of the gaps to fix first.

GDPR Compliance Check Quiz

12 questions · about 2 minutes · no sign-up. Take the test below to score your GDPR risk and readiness.

Your data
Whose personal data do you handle?

The GDPR applies to anyone processing personal data of people in the EU — customers, patients, employees, prospects.

What kind of data do you handle?

Special-category data (health, biometric, beliefs) and children's data carry the highest obligations (Art. 9).

How do you mainly collect and receive personal data?

How data enters your business is where most GDPR risk is created.

Your practices
Do you have a clear lawful basis and an up-to-date privacy notice for each use of data?

Art. 5, 6 & 13 — lawfulness, transparency and information.

For marketing, do you have valid consent and an easy way to opt out?

Consent (Art. 7) + ePrivacy — the most common complaint trigger.

Is personal data encrypted and access limited to the staff who need it?

Art. 32 — encryption, access control and confidentiality.

Is data stored only in secure, controlled systems (not personal devices or open shared drives)?

Art. 32 — integrity and controlled storage.

Do you have defined retention periods and actually delete data you no longer need?

Art. 5(1)(e) — storage limitation.

Do you have data-processing agreements (DPAs) with your tools (CRM, cloud, email, payment)?

Art. 28 — processors must be under a contract.

If you use non-EU tools (US email, analytics, hosting), do you have transfer safeguards (SCCs)?

Art. 44–46 — international transfers. Choose 'No/Not sure' if you're unsure.

Could you detect a personal-data breach and notify the authority within 72 hours?

Art. 33 — breach detection and 72h notification.

Do you keep records of processing and can you handle access/erasure requests from individuals?

Art. 30 + data-subject rights (Art. 15–22).

This self-check is an indicative guide based on Regulation (EU) 2016/679 (GDPR) and is not legal advice. A formal assessment requires a professional review of your specific data processing.

How the GDPR test works

This free GDPR test is a 12-question compliance self-check quiz that takes about two minutes. It looks at two things:

When you finish, the quiz instantly calculates your GDPR risk level, a readiness score out of 100 and a prioritised list of gaps mapped to the relevant articles. Nothing is sent anywhere unless you choose to email yourself the report — scoring runs entirely in your browser.

What your GDPR risk level means

The test places you in one of four risk levels based on the data you handle and the gaps you report:

🔴 Critical GDPR risk

Your answers show sensitive personal data handled with informal tools and major gaps in the basics. This is exactly the profile that turns a lost phone, a misaddressed email or a single complaint into a reportable breach and an enforcement case. Acting now is urgent — and far cheaper than an incident.

🟠 High GDPR risk

You're processing personal data with several important controls missing. You may be compliant on paper but not in practice, and you're exposed to complaints, data-subject requests you can't answer, and breaches you can't contain. A focused remediation closes most of this quickly.

🟡 Moderate GDPR risk

You have the foundations but there are real gaps that a regulator, a client or a data-subject request would expose. Tightening a few areas — consent, retention, processor agreements, breach readiness — would put you in a solid position.

🟢 Low GDPR risk

Your data handling looks well managed. The priority now is to keep it that way: documentation, periodic review and making sure new tools and staff don't quietly reintroduce risk. A light review can confirm you're fully covered.

GDPR test — frequently asked questions

Is this GDPR test free?+
Yes. The GDPR compliance quiz is completely free, with no sign-up and no payment. You can take the test as many times as you like, and your answers are processed in your browser — we never store them.
What is a GDPR self-assessment?+
A GDPR self-assessment is a structured questionnaire that estimates how exposed your organisation is under the General Data Protection Regulation. Our quiz asks 12 questions about the personal data you handle and your day-to-day practices, then returns a risk level and a readiness score.
How do I know if the GDPR applies to me?+
The GDPR applies to any organisation that processes the personal data of people in the EU/EEA — customers, patients, employees or prospects — regardless of where the organisation is based. If you handle any EU personal data, you are in scope. The first question of the test checks this.
What is special-category data?+
Special-category data includes health, biometric, genetic, religious and political data, plus children’s data. Under Article 9 it carries the highest obligations and risk. The test asks whether you handle it and weights your result accordingly.
What are the main GDPR compliance requirements?+
Key requirements include a lawful basis and clear privacy notice for each use of data, valid marketing consent, encryption and access control (Article 32), defined retention periods, data-processing agreements with your vendors (Article 28), safeguards for non-EU transfers, the ability to detect and report a breach within 72 hours (Article 33), and records of processing plus handling of data-subject requests (Articles 15–22 and 30).
How long does the GDPR quiz take?+
About two minutes. There are 12 multiple-choice questions: three about the data you handle and nine about your practices. No preparation or documents are needed.
Is the test a substitute for legal advice?+
No. The self-check is an indicative guide based on the GDPR and is not legal advice. A formal data-flow audit and compliance review require a professional assessment of your specific circumstances — which our consultants can provide free of charge.
What happens after I complete the check?+
You instantly see your GDPR risk level, a readiness score out of 100 and a prioritised list of gaps mapped to the GDPR articles. You can optionally receive the full report by email and book a free consultation with a data-protection specialist.