Tech Privacy Risk Scorecard

How Much Privacy Risk Is Your Tech Company Carrying?

15 questions. 5 risk areas. An instant score showing exactly where your company is exposed and where to focus first.

Data breaches don't start with hackers. They start with the decisions your team makes every day: about how your product is built, what data it collects, who has access to it, and what happens when something goes wrong.

This assessment benchmarks your company's approach to privacy risk across governance, design, implementation, verification, and operations, and gives you an instant risk rating with a personalised breakdown by area.

It takes just 5 minutes
It’s completely free
Receive customised results instantly

Take the Scorecard

How it works

Answer 15 questions across 5 risk categories that apply to any company developing software or products.

Get a customised risk scorecard as to how your business ranks in terms of the handling of Personal Information.

Used by founders, CTOs, and technology leaders across the tech industry.
No technical expertise required. Any company leader can complete this.

You’ll be scored against the following key areas:

Governance

Privacy risk starts long before a line of code is written: it's in how your company sets strategy, defines ownership, and makes decisions. These questions assess whether privacy is embedded in how your company is led, or left to chance.

Implementation

The most expensive privacy problems are the ones built into what you're creating. These questions assess whether privacy is a design input, shaping products and features before they're built, or a retrofit after the fact.

Design

How your team builds and ships software determines how much risk you carry in production. These questions assess the processes, controls, and practices your team has in place at the build and delivery layer.

Verification

Issues that aren't caught before release become incidents after it. These questions assess how systematically your company finds and closes privacy and security gaps before customers, auditors, or attackers find them for you.

Operations

Your risk doesn't stop at launch. These questions assess whether your company's operational practices protect the data your product handles, and whether you'd know when something goes wrong.