Start the Technology Control & Enterprise Readiness Assessment¶

Important: This is an educational and preliminary self-assessment. It is not legal advice, compliance certification, audit assurance, or regulatory opinion. For legal interpretation, consult qualified legal counsel. For technical architecture, readiness, and implementation planning, contact Nishanth Konsultancy.

This tool runs in your browser. Your answers are not sent to Nishanth Konsultancy unless you choose to export and share them.

STEP 1 — PROFILE & OPERATING CONTEXT

Client, profile, and jurisdictions

This shapes which jurisdiction rules and sector overlays are matched to your assessment.

⏱ ~2 minutes

🏢

Client mode

Client / business name

Assessment name

Consultant notes

📊

Business profile

Primary sector

?

Entity size

Processes personal data

Customer, employee, or user identifying information.

Transfers data across borders

Even via cloud vendors or remote teams.

Offers goods/services to EU residents

GDPR applies regardless of incorporation location.

Offers goods/services to UK residents

UK GDPR runs parallel to EU GDPR.

Regulated financial entity

Triggers DORA, PSD2, sector-specific rules.

Critical / essential entity

NIS2 mandatory reporting and management liability.

Uses AI / automated decisioning

EU AI Act obligations from 2025.

🌍

Countries / regions

Select every country where your business operates, serves customers, or processes data.

📁

Data categories

Select all data types your organisation processes.

STEP 2 — DATA FLOW & OPERATING FOOTPRINT

Data flow and operating footprint

Where data originates, lives, and travels determines your transfer obligations.

⏱ ~3 minutes

📍

Data origin

Where is the personal data you collect originally generated?

☁️

Storage / hosting

Primary cloud / hosting provider

?

Transfer Risk: US-based providers fall under the US CLOUD Act. EU personal data requires SCCs + Transfer Impact Assessment (TIA) to remain GDPR-compliant.

Storage locations

🔗

Processor / vendor locations

Where are your key SaaS tools and sub-processors based?

📝

Operational notes

Transfer notes

Known unknowns

Assumptions

STEP 3 — JURISDICTION & SECTOR RULE QUESTIONS

Rule-matched questions

Questions below are matched live from your selected jurisdictions and sector rule packs. Answer based on what is genuinely in place today.

⏱ ~4 minutes

⟳

Matching rules to your profile…

STEP 4 — EVIDENCE READINESS

Evidence readiness

If a regulator or acquirer requested documentation today, which of these could you produce within 48 hours?

⏱ ~2 minutes

📋

Documentation inventory

Data inventory / data map

Foundation for all other compliance evidence. What data exists, where, and who owns it.

Privacy notice — published and current

GDPR Art. 13/14, UK GDPR, DPDP, LGPD — all require clear notice of collection and rights.

Record of Processing Activities (RoPA)

GDPR Art. 30 mandatory. First document regulators request.

Data Processing Agreements with all vendors

Signed, stored, retrievable. Regulators request the full list during audits.

Transfer safeguards — SCCs / IDTAs / adequacy

Current 2021 SCCs or UK IDTAs, countersigned, linked to a transfer map.

DPIA for high-risk processing

GDPR Art. 35 mandatory. Absence is itself a reportable breach.

Incident / breach log and notification playbook

Covers GDPR, CERT-In, PDPA, and NIS2 reporting obligations.

Staff privacy training records (last 12 months)

Significant mitigating factor in enforcement proceedings.

Board or exec-level governance sign-off

Powerful accountability evidence in enforcement proceedings.

📝

Additional context

Consultant / advisor notes

STEP 5 — REVIEW & GENERATE REPORT

Review and generate report

Review your answers then generate your timestamped Technology Control Risk Report.

⏱ 1 minute

Important

This is a screening and gap-analysis tool only. Not legal advice or certification. Review with qualified legal counsel before relying on it for regulatory, investment, or operational decisions.

📊 Technology Control Risk Report

Organisation — Technology Control Assessment

🏢 📅 Nishanth Konsultancy Confidential — Not Legal Advice

📝

Executive Summary

📋

Applicable Controls, Governance & Evidence

Each matched item shows your answers, evidence checklist, remediation steps, and source references — with version and review date from the rule packs.

⚡

Action Register

Consolidated from all matched items, ordered by priority. Immediate items should be reviewed with the right technical, security, privacy, or legal owner.

Turn this into a working roadmap.

Use this report as the foundation for a readiness review, evidence validation, architecture review, and practical remediation planning.