Free AI Governance Self-Assessment: 123DPO

What sector does your practice operate in?

We tailor your governance report and recommendations to your sector's specific regulatory context.

Architecture, Engineering & Construction Including BIM, structural, civil, MEP, project management

Clinical & Healthcare GP practices, dental, physio, private clinical, allied health

Legal Solicitors, barristers, legal consultancies

Accountancy & Finance Accounting practices, IFAs, tax advisers

Property & Real Estate Commercial agents, surveyors, property management

Other Professional Services Consulting, PR, recruitment, other regulated sectors

How many people work in your organisation?

Governance obligations and practical approaches differ significantly by organisation size.

1–9 people Sole trader or micro-practice

10–29 people Small practice

30–79 people Medium practice

80–199 people Larger practice

200+ people Enterprise-scale firm

Which AI tools does your organisation currently use?

Select all that apply, include tools used by any staff member, not just IT-approved tools.

ChatGPT / OpenAI Including ChatGPT Plus, API, plugins

Microsoft Copilot M365 Copilot, Copilot for Teams, Bing Chat

Google Gemini / Workspace AI Google AI features in Docs, Gmail, Meet

Claude (Anthropic) Including Claude.ai and API use

AI Image / Design Tools Midjourney, DALL-E, Adobe Firefly, Stable Diffusion

AI Coding Assistants GitHub Copilot, Cursor, Tabnine

Sector-specific AI Tools BIM AI, legal research AI, clinical decision tools

Other / Unknown Staff likely using AI tools we haven't formally tracked

What types of data does your organisation handle?

Select all that apply. This helps us identify which compliance obligations are most relevant to you.

Client personal data Names, addresses, contact details of clients

Employee / HR data Staff records, payroll, performance data

Special category data Health, biometric, racial/ethnic origin, religious belief

Financial data Bank details, payment information, financial records

Legally privileged / confidential Client communications, privileged advice, trade secrets

Project / commercial documents Contracts, drawings, specifications, proposals

How is AI governance currently managed in your organisation?

Be honest, this is for your eyes only. The more accurate your answers, the more useful your report.

Does your organisation have a documented AI or Data Use Policy?

YesDocumented and communicated to staff

PartialIn draft or informal guidance exists

NoNothing documented

Do you maintain an inventory of AI tools in use across the organisation?

YesFormal list maintained and reviewed

PartialSome tools tracked, not comprehensive

NoNo formal inventory

Have staff received AI awareness or data protection training in the last 12 months?

YesAll or most staff trained

PartialSome staff trained, not organisation-wide

NoNo AI-specific training

Do you conduct Data Protection Impact Assessments (DPIAs) before deploying new AI tools?

YesDPIAs completed for AI deployments

PartialFor some tools, not systematically

NoDPIAs not conducted

Have you reviewed AI and data processing clauses in your supplier contracts?

YesAI clauses reviewed in key contracts

PartialSome contracts reviewed

NoContracts not reviewed for AI terms

Does your organisation have an AI incident response plan?

YesDocumented plan covering AI incidents

PartialGeneral IR plan, not AI-specific

NoNo incident response plan

Is AI governance on the agenda at board or senior leadership level?

YesRegular board/leadership discussion

PartialDiscussed occasionally

NoNot a leadership priority yet

Your report is ready, where should we send it?

We'll email your personalised AI governance gap report to you. No account. No spam. Unsubscribe any time.

Your name

Work email address *

I'm happy to receive occasional updates and resources from 123DPO. I can unsubscribe any time.

By submitting, you agree to our Privacy Policy. Your data will be used only to send your report and, if you opt in, relevant updates. We never sell data.