Self-Assessment · Compliance
GDPR Assessment for SMEs
10 questions to find out whether your company complies with the General Data Protection Regulation. Identify critical gaps and receive concrete recommendations.
Do you have an up-to-date Record of Processing Activities (RoPA)?
Have you carried out a risk analysis of your data processing activities?
Do all your data processors have an Art. 28 GDPR contract in place?
Does your website privacy policy comply with Art. 13 GDPR, including all mandatory clauses?
Do you have a documented data breach response protocol (72-hour rule)?
Do you collect consent in a manner that is freely given, specific, informed and unambiguous?
Have you appointed a DPO or assessed whether you are required to have one?
Have your employees received data protection training in the last 12 months?
Do you carry out Data Protection Impact Assessments (DPIAs) for high-risk processing?
Do you have a procedure for handling data subject rights requests (access, rectification, erasure, etc.)?
Need help?
Request a full GDPR audit
Our data protection specialists will conduct a comprehensive review of your organisation and deliver a prioritised action plan.
What is the GDPR and why does it matter for your SME?
The General Data Protection Regulation (GDPR) is the European Union's legal framework for the protection of personal data. It entered into force in May 2018 and compliance is mandatory for any organisation that processes the data of EU citizens, regardless of size.
Fines can reach €20 million or 4% of annual global turnover (whichever is higher) for the most serious infringements. Supervisory authorities across the EU have significantly increased their enforcement activity, with particular attention to SMEs and sole traders.
Beyond fines, GDPR compliance builds trust with clients and employees, facilitates working with larger companies that require up-to-date Data Processing Agreements, and protects the organisation against increasingly frequent security breaches.
At BMC we have a team specialised in data protection who can act as your external DPO, conduct GDPR audits, prepare the mandatory documentation and support you in implementing the required technical and organisational measures.
Professional GDPR audit for your business
Beyond the assessment, our data protection specialists will conduct a full diagnostic and deliver a prioritised action plan with costs and timelines.