Product Risk Level 0 — Risk Screener

Show help for each answer

0 of 9 questions answered0%

Q1. What are you looking to do?

Select one

A. Better understand the risks for a planned new product or service

B. Better understand the risks for a planned change to an existing product or service

C. Better understand the risks for an existing product or service in its current form

D. Better understand the risks to our business overall across all our products and services

Your answer provides context for your results — the questions and risk areas are the same regardless of what you select.

Q2. Who are your customers — the people or organisations that use or pay for your product or service?

Select all that apply

A. Consumers — members of the public

B. Employees or internal teams

C. Other businesses (your customers are companies, not individuals)

D. I'm not sure yet

Your audience determines which risk areas apply — consumer products face the widest set of obligations.

Q3. For people who are NOT your direct customers or users, does your product or service collect data about, or make decisions that affect them?

For example: children of your users, patients of your healthcare customers, people whose content you process but who are not directly interacting with you.

Select one

A. Yes

B. No — we only handle data about our own direct users

C. Not sure

Products often affect people who never signed up — those people have the same legal rights as your direct users.

Q4. Do people interact with your product or service directly — either themselves, or through a staff member acting on their behalf?

Select one

A. Yes — people use it themselves through an app, website, or interface

B. Yes — a staff member or agent uses it on behalf of another person (for example, entering a customer's details during a call or appointment)

C. No — it runs in the background or is accessed only by other systems

Whether people use the product directly or through a staff member affects which online safety obligations apply.

Q5. Does your product or service collect or use information about people?

Select all that apply

A. Yes — people give us information directly, or a member of staff enters it on their behalf (accounts, forms, profiles, call notes)

B. Yes — we observe or track how people use it (behaviour, clicks, location)

C. Yes — we receive information about people from another system or source

D. No — it doesn't handle information about identifiable individuals

Select every way your product handles personal data — even basic analytics counts in most jurisdictions.

Q6. Does your product or service use AI, machine learning, or automated algorithms to do anything?

Select one

A. Yes

B. No

C. I'm not sure — it might use a third-party AI tool or automated system

AI includes any automated decision logic or third-party model — not just obvious features like chatbots.

Q7. Can people on your product or service interact with each other or create content?

Select all that apply

A. Yes — users can post, comment, or share content publicly or in groups

B. Yes — users can send direct messages to each other

C. Yes — users can review, rate, or respond to other users' content or profiles

D. No — users only interact with content we produce and control

Online safety obligations apply whenever users can post content, message each other, or leave reviews.

Q8. Could someone under 18 realistically use your product or service, or be affected by its decisions?

Select one

A. Yes — it's designed for or marketed to children or teenagers

B. Possibly — minors are a realistic part of our user base, even if not the primary audience

C. No — access is restricted to adults, or minors are not a realistic user of this product or service

D. Not sure

Even without data tagged as children's, minors may still use your product — and design obligations follow.

Q9. Where will your users or affected individuals be?

Select all that apply

Jurisdiction doesn't change which risk areas apply — it determines which specific laws govern your obligations.