Open Mobile Menu


Filed In: GDPR and Privacy

ICO’s Gift to you: Free GDPR self-assessment tools

Views: 3260

Written By: Ryan Hogan December 28, 2017

The Information Commissioner’s Office (ICO) in the UK has a gift for all of you folks trying to prepare for the GDPR in the form of a set of self-assessment tools. The tools cover:

Data Controllers

Data Processors

Information Security

Direct Marketing

Records Management

Data sharing and subject access


Each tool involves a set of questions about your organization’s progress in implementing various GDPR requirements as they apply to the U.K. They also include more information in the form additional descriptions about the control, and in many cases references to other ICO references that give additional context. Once you complete each self-assessment tool you will have a summary report of your organization’s overall rating, suggested actions to take for each control that is not fully implemented, and guidance for each control area. 

A small investment of time can help you understand where your organization is today and what you need to do to get ready for the GDPR. Even though a few things are specific to the U.K. (i.e. parental consent requirements for children) the vast majority of is applicable all EU Member states, so it well worth the time. If you lack the expertise, confidence, time, or resources to either perform the self-assessments or implement the suggested actions, remember your partners at AppSec Consulting are here to help.  Please contact us today or check out our GDPR and Privacy services.

Ryan Hogan

Ryan Hogan is the Director of AppSec Consulting’s Strategic Advisory Services team.  Ryan is an ISO27001 Lead Implementer and risk management professional with more than 16 years of industry experience.  Ryan has served in key information security roles at large enterprises within the finance, technology, manufacturing, and pharmaceutical markets.  He has worked on all sides of the security equation. Ryan has worked as an auditor reviewing security controls for SOC reports, and as security manager at a service provider that is having its security controls audited, as well as a security manager at customers reviewing the results of a service provider’s security audit. He uses this perspective and experience to provide a balanced view and a risk based approach to information security that meets business objectives. In addition, his experience and expertise includes performing Enterprise IT Risk Assessments, preparing for ISO27K Implementation, Vulnerability Management, and Security Strategic Planning.

Ryan has a strong track record of interpreting and applying a variety of information security-related frameworks and standards to meet an organization’s business objective. His common sense approach, communication skills, and initiative elevate him amongst his peers in the industry.  

read more articles by Ryan Hogan