PDPA Assessment Tool for Organisations (PATO)

PDPA Assessment Tool for Organisations (PATO), Data Protection Notice Generator (DPNG) and eLearning on Data Protection will not be available from 15 January 2025 7:00 PM to 10:00 PM for maintenance. We apologise for the inconvenience caused.

 

This self-assessment for organisations has a total of 40 questions. There are 11 categories. Each category has between 1 to 8 questions and could take between 5 to 40 minutes to complete. At the end of the assessment, the results report and action plan will be sent to the email address provided by you. Please note that we do not retain any information provided to us in the course of completing the assessment.

To exit from this tool, please close your browser.
Why use this
This tool aims to:
  • Enable organisations to carry out a self-assessment of their personal data protection policies and practices for the organisation’s compliance with the PDPA.
  • Help highlight potential gaps in your personal data protection policies and practices.
  • Direct you to the relevant PDPC guides, guidelines and resources.
  • Generate a self-assessment report based on the organisation’s own inputs.
How to use
How to use this tool:
  • Select a question category.
  • Answer each question with either 'Implemented', 'Partially Implemented', 'Not Implemented', or 'Not Applicable'.
  • Describe what your organisation has done to be PDPA ready. This includes measures such as policies, procedures, forms, security measures, training or response plans, data inventory maps, consent register, data protection management programme, data protection impact assessment and contract clauses.
  • Get the results at the end of the assessment.
What you get
What you will receive:

You may use the results report and action plan to give your senior management an update of your organisation’s implemented measures. You may also use these documents to inform them of your plans to enhance the existing data protection measures.

Results report will provide:
  • Assessment score
  • Recommendations
  • Guidelines

Action plan will provide:
  • Reminders of personal data protection measures to be implemented
  • Customisable fields for you to provide details of personal data protection policies and processes that you would be implementing (i.e. Target date, action owners, timeline)

If you would like to get a preview of the questions before attempting the assessment, click here to download a list of questions.

Start Now