PDPA Compliance Readiness Scorer
Score yourself across all 9 PDPA obligations.
Answer 9 questions honestly. We compute a weighted score and surface the top 3 remediation actions.
Q1 · Consent (s.13–17) · weight 12
Have you implemented an opt-in consent mechanism with clear purposes for every channel collecting personal data?
Q2 · Notification (s.20) · weight 10
Do all data-collection points display a privacy notice stating purposes BEFORE collection?
Q3 · Purpose Limitation (s.18) · weight 10
Are stored purposes documented and is data use restricted to those declared purposes?
Q4 · Accuracy (s.23) · weight 8
Do you have processes to verify and update personal data accuracy at point of use?
Q5 · Protection (s.24) · weight 15
Have you implemented reasonable security arrangements (encryption at rest, access controls, MFA, audit logs)?
Q6 · Retention Limitation (s.25) · weight 10
Do you have a documented retention schedule with automated deletion/anonymisation triggers?
Q7 · Transfer Limitation (s.26) · weight 10
Have you mapped all cross-border data transfers and put in place comparable protection (contracts/binding rules)?
Q8 · Access & Correction (s.21–22) · weight 10
Do you have a DSAR workflow that responds to access/correction requests within 30 days?
Q9 · Breach Notification (s.26A–E) · weight 15
Do you have an incident response plan with PDPC notification within 3 calendar days of assessment?