This web site uses cookies. You are free to manage your cookie settings in your web browser at any time. For more about how we use cookies, please read our data privacy policy.

Free online check if you need to implement the GDPR

Free online check if you need to implement the GDPR

Free online check if you need to implement the GDPR

Answer the questions and find out

This test is 100% anonymous. No data is stored about you or the result.

Is your organisation based in a European Economic Area (EEA) country?

Is your organisation based outside the EEA but processes EEA citizens/residents personal data?

Does your organisation run automated and/or manual processes for personal data that store results in digital or paper filing systems?

Is your organisation a competent national/international law enforcement authority?

Do you only process personal data for your own personal use?

Do I need to implement the GDPR? is a common question. To find out if you need to implement the GDPR, answer the questions. If you still are not sure, we can perform a GDPR readiness or current state assessment against our GDPR framework benchmark model.

All questions are taken from GDPR Articles 2 and 3 - Material and Territorial scope .

Contact us for more details about our products and services.

The GDPR must be implemented by any organisation based in the EEA. It must also be implemented by any organisation outside the EEA that processes data belonging to individuals inside the EEA. Processing scope covers the offering of goods or services (free and paid) and monitoring behaviour that takes place within the EEA.

List of countries where the GDPR is mandatory

Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom.

There are some countries that have been awarded an "adequacy decision" which means that the level of data protection in these countries is acceptable. Even though these countries have an "adequacy decision", companies based in them must also have an  EU representative.