GDPR Assessment

Are you unsure about the extent to which your company is GDPR-compliant? Have you done a lot of work to comply with the GDPR and are you curious about the level your company is at? Or does your company have an “unsteady base” and is in need of a starting point and practical advice so that it can grow? A GDPR Assessment helps your company determine where it stands with respect to GDPR compliance and whether it is properly organised to process personal data responsibly, both now and in the future.

What is a GDPR Assessment?  ?

An assessment can take many forms. We will start by discussing and determining your company’s needs. The assessment can range from an initial scan of whether formalities under the GDPR are in place, to a full maturity scan, where we screen your company to see the extent to which it handles personal data responsibly. Whatever form the assessment takes, it will always be appropriate for your company, provide insight into risks, offer tools for improvement and it will always be conducted in a way that can be replicated.

In all our services, we pay attention to the company and its objectives. Even in these assessments, it is crucial to focus on your company’s right to exist and to determine the ways in which data processing plays a role in this. Only then can we provide your company with the best advice, so that you can also take leaps in responsible data processing.

When is the best time to carry out a GDPR Assessment?

There are several times when doing a GDPR Assessment can add value. For example, you can do it once to determine your company’s starting point and draw up a roadmap, but you can also carry out the assessment periodically to test whether the measures your company has taken are having the desired effect.


What is the GDPR Assessment like?

As we have already pointed out, GDPR Assessments can be done in several ways. However, we always start with a kick-off session, where we discuss what is important to your company and what role data processing plays in it. In the follow-up steps, we take a structured approach that aims to be replicable and that takes in the entire company. These assessments do not focus on a specific processing operation or a specific process (like a DPIA does), but they look at how the company as a whole is set up to handle personal data responsibly. The assessment’s end product is an advisory report containing specific and practical recommendations to start meeting the set goals.

Cuccibu can also help your company get started with the recommended follow-up steps from the assessment. Another option for your company is to do an information security maturity scan, or a combined measurement, looking at both information security as well as privacy and data protection.

We are Cuccibu

Interested or have any questions?

Please feel free to contact us via We would be happy to help you find the solution that best suits your company’s needs.

“We believe that you create added value through secure and responsible digitisation. This leads to opportunities for individuals, companies and society as a whole.“