Data Protection Tool

With the tests of the Data Protection Tool, you can assess how well your company has taken into account the key requirements set out by the General Data Protection Regulation (GDPR). Once you have completed a test, you will receive an indicative report that includes recommendations and further information.

All the tests included in the Data Protection Tool are available on this page. You will find a link back to this page at the end of each test. You can carry out tests in the order you choose, according to your schedule and, if you wish, save your test reports in a PDF format at the end of each test.

Using the preliminary test, you can first check how well you understand the basic concepts of the General Data Protection Regulation. The role test supports you in defining your company’s role. The General Data Protection Regulation imposes various obligations depending on whether a company acts as a controller, processor or joint controller in relation to the processing of personal data you have assessed.

The tests, which are set up specifically for the different roles, are all located below, on this page. The questions concerning the obligations of the controller are divided into five tests. These tests also apply to the joint controller, in addition to which there is a separate test for the joint controller. The tests for controllers are indicatively numbered but may be carried out in the order of your choosing. The questions concerning the processor have been compiled into a single test.




Premilinary test

Using the premilinary test, you can test your knowledge of the basic concepts and requirements of the General Data Protection Regulation. After the test, you will receive a report on your responses.

Role test

The General Data Protection Regulation imposes different obligations on companies, depending on the role in which the company processes personal data. Possible roles defined in the General Data Protection Regulation include the controller, the joint controller and the processor.

The company may have several roles depending on the situation. The same company may, for example, act as a controller when processing and processing the data of its own employees or clients when providing online services or payroll services to other companies. With this tool, you can only assess the fulfilment of data protection requirements in one role at a time. For this reason, it is advisable to select first the most extensive processing of personal data by the company. The object may be, for example, the processing of personal data of the users of an online service offered by employees or companies. Select the role based on the subject of the assessment.

If you wish, you can carry out a self-assessment several times to get tips on how to proceed in different situations according to data protection legislation.

Controller’s tests

The questions concerning the obligations of the controller are divided into five tests. These tests also apply to the joint controller, in addition to which there is a separate separate test for the joint controller. The tests of controllers are indicatively numbered but may be carried out in the order of their choice. The questions concerning the processor have been compiled into a single test.

Test for processors of personal data

The questions concerning the processor have been compiled into a single test. With this test, you can assess your company’s compliance with the obligations of the processor. Once you have replied, you will receive a report summarising your feedback on your responses as well as recommendations on the measures to be taken in accordance with them.