Free GDPR readiness check

Eight plain-English questions, about two minutes. You will get a readiness score and a short, prioritised list of what to do next. No jargon, and no specialist needed.

Your records

1. Do you have an up-to-date record of what personal data you hold and why (a record of processing)?

Lawful basis

2. For each way you use personal data, do you know your lawful basis (consent, contract, legitimate interests, and so on)?

Transparency

3. Do you have a clear privacy notice telling people how you use their data?

Security

4. Is personal data protected with the basics: limited access, encryption in transit, and sensible controls?

Breaches

5. If personal data was lost or exposed, would you know what to do, including the 72-hour reporting rule?

Retention

6. Do you have retention periods, so data is deleted when it is no longer needed?

Individual rights

7. Could you handle a request from someone to see, correct or delete their data within a month?

Accountability

8. Has someone taken ownership of data protection, and does the team know the basics?


Common questions

Does my small business really need to do this?

Almost certainly. UK GDPR applies to nearly every business that handles personal data, including staff and customer details. The often-quoted 250-employee line is about one record-keeping detail, not an exemption.

Is my answer data stored?

The check runs in your browser and we do not store your answers. If you ask us to email the report, we store only your email address, with your consent, to send it and our updates.

Is this legal advice?

No. It is an indicator to help you see where you stand and what to prioritise.