Our GDPR Gap Analysis Service is a robust assessment of your organisation’s GDPR (General Data Protection Regulation) compliance levels, designed to help you move forward with practical GDPR compliance advice.

We specialise in working with large and/or complex organisations, enabling them to understand how to apply the GDPR to their business practices. Our consultants will work with you to understand your requirements and assess your organisation’s data protection practices using our proprietary GDPR RADAR™ tool to determine if they meet the requirements of the Regulation.

We will interview your key teams to establish the maturity of your compliance activities against the ICO’s (Information Commissioner’s Office) audit framework and other requirements, such as the PCI DSS (Payment Card Industry Data Security Standard).

We can work remotely or from your offices. Following the assessment, we will show you the results, answer any questions and give you a report with advice on what to do next.

Our consultants remain up to date with the latest data protection regulations, including the DPDI Bill, and are well placed to advise your organisation on compliance with all relevant data protection legislation.

Trusted by

Your cookie settings may prevent you from seeing our website forms. If you prefer, you can email us at sales@dqmgrc.com.

Bespoke GDPR Gap Analysis

Service benefits

  • Get an accurate picture of your organisation’s GDPR compliance posture.
  • Carried out by an independent and experienced data protection consultant.
  • Receive a detailed report that includes compliance scores, charts, recommendations and an action plan.
  • Ask the consultant any questions after the report delivery.

What is a GDPR gap analysis service?

A GDPR gap analysis is a process that helps organisations identify areas where their data protection practices do not align with the requirements of the GDPR. By conducting a gap analysis, organisations can plan to address any areas of non-compliance and improve their overall data protection programme.

Why do you need a GDPR gap analysis service?

  1. Get an insight into the true compliance status of your entire organisation, through the eyes of an external agency.
  2. Develop a clear strategy for your compliance team moving forward.
  3. Demonstrate to stakeholders and colleagues your commitment to GDPR compliance.

What does our GDPR Gap Analysis Service cover?

A full analysis of your GDPR compliance position, bespoke to you. One of our data protection consultants will assess your organisation’s privacy management and data protection practices in the following areas:


  • How well does your organisation monitor data protection compliance through policies, procedures, controls and reporting mechanisms?

Risk management

  • What arrangements does your organisation have in place for managing privacy risks?
  • To what extent are risks to data subjects’ rights and freedoms incorporated into your organisation’s overall risk management strategy?

 Privacy by design

  • To what extent has data protection by design been incorporated into the development of your systems, services, products and/or processes?

DPO (data protection officer)

  • Does your organisation need to appoint a DPO?
  • If so, does the DPO meet the requirements of the GDPR?

 Roles and responsibilities

  • Does your organisation have defined roles and responsibilities?
  • Has it delivered appropriate training and awareness?

Rights of data subjects

  • What measures has your organisation taken to facilitate and respond to individuals exercising their rights under the GDPR/DPA (Data Protection Act) 2018?

 PIMS (personal information management system)

  • What data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms does your organisation have in place?

ISMS (information security management system)

  • What are your organisation’s arrangements for privacy risk management?
  • To what extent are information-specific risks incorporated into corporate risk management?
  • To what extent are risks to the rights and freedoms of data subjects addressed?

 Scope of compliance

  • Is your organisation’s GDPR compliance scope clearly defined, considering all data processing it is involved in, as both data controller and processor, as well as any data sharing?

What can you expect?

Our GDPR specialist will analyse your data protection and privacy arrangements and documentation, and interview key managers in areas such as IT, privacy, operations, HR, marketing and finance. Following the assessment, we will present the results, giving you the opportunity to ask questions, and provide a report of our analysis.

See sample report snippets below or download a full sample GDPR gap analysis report here.

More about our GDPR RADAR tool

Our GDPR gap analysis report includes RADAR charts, such as the below, to demonstrate which areas are compliant or non-compliant and to what extent. They are accompanied by in-depth descriptions to ensure you fully understand the results.

RADAR chart

Radar Chart Example

What does this mean?

Each control and each area of the report is rated red, amber or green to show whether your current level of compliance is inadequate (red), potentially adequate (amber) or adequate (green). Inadequate areas need to be addressed first.

RADAR results

Radar Chart Example 2

What does this mean?

A red finding means that you do not demonstrate enough assurance that you are meeting the requirement, given the risk in your data protection context.

Area breakdown

Area Breakdown Example Report

What does this mean?

Each area is further broken down into control themes. Where a particular area is more important for an organisation, we look for a higher level of assurance. This approach makes it easier for you to see where to focus your resources.

Examples of how we’ve helped our customers

“My company wanted support in reviewing our GDPR Compliance and identifying starting points for any changes needed. I was supported by Kevin Downs from the Sales Team in selecting IT Governance/DQM GRC GDPR Gap Analysis service for the Group and this service turned out to be absolutely the right solution for us. Ably delivered by Martin Fletcher whose knowledge of the subject and his willingness to adapt to fit into a schedule that suited our business needs was very welcome indeed. The service completely met with expectations and the whole process from start to finish was very helpful indeed. This is a worthwhile solution that is wholeheartedly recommended. ”

Client Review
Katie, Danbro

“Lead 365 have worked with DQM GRC for over 3 years. Initially, we wanted them to review and highlight areas the business and team needed to work on to be ready for GDPR. We found their process and the consultants we worked with to be professional and efficient. The high-quality of the service received has improved our compliance and aided our success as a business. We continue to partner with them to review, update and help evolve the businesses framework to ensure that our data is as protected as possible. I would highly recommend their services on the GAP analysis and on-going support with DPIAs and ROPAs.”

Client Review
Director, Lead 365

“DQM’s gap analysis service has been very useful for our business. The analysis has helped us thoroughly assess our data compliance activities, including reviewing how things are now and identifying areas for improvement in the future, all of which will factor into our ongoing data compliance work. The audit process was simple and well-signposted, and through the interviews we felt like the consultant was able to really understand our business and our data flows. These were reflected in the report’s findings which were clear, relevant and helpful. The report itself has also been instrumental in reporting to our board of directors.”

Client Review

"Louise continues to be brilliant. She’s been helping with some quite complicated data issues relating to research that has enabled us to move forward with some quite groundbreaking studies. I know you won’t often hear about the positive impact of data protection (hence writing this!), but we now have the confidence to do so much more, and it will literally help to save lives and improve patient outcomes... so thank you!"

Rebecca Kenny Head of Governance and Compliance, Air Ambulance Charity Kent Surrey Sussex

Meet the team

Louise Brooks

Louise Brooks

Our GDPR Gap Analysis Service is managed by Head of Consultancy Louise Brooks. Having started as a solicitor, Louise moved into the compliance sector in 2017, becoming head of data protection for the RSPCA in 2018. She joined DQM in 2021 and is our subject matter expert for all things data protection and data privacy. Louise oversees all of our consultancy offerings as well as delivering complex client work. You can read more about her experience here.

Mark James

Mark James

Mark James joined DQM GRC as a consultant in 2022, having previously worked as a GDPR trainer and DPO for the Salvation Army. Mark has a wealth of experience working with a range of organisations to help them achieve GDPR compliance. His assignments have involved undertaking gap analyses, providing documentation completion, assessing policies and processes, and conducting risk reviews via DPIAs (data protection impact assessments). Mark is one of those rare consultants who has detailed knowledge of the security aspects of compliance, being both ISO and Cyber Essentials trained. Read more about his background here.


  • An award-winning data privacy and GDPR consultancy and one of the longest-established specialist data protection consultancies in the UK.
  • Our clients range from multinational corporations to small family-run businesses.
  • As part of GRC International Group, we can draw on expert help from across the Group companies, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.

Speak to us about our GDPR Gap Analysis Service today

Speak to an expert to find out more about this service and how it may suit your business requirements. Simply fill in the form and someone will contact you within 24 hours to arrange a call.

Speak to an expert