Our GDPR Gap Analysis is a robust assessment of your organisation’s GDPR (General Data Protection Regulation) compliance levels, designed to help you move forward with practical GDPR compliance advice.

We specialise in working with large or complex organisations, enabling them to understand how to apply the GDPR to their business practices. Working with you to understand your requirements, and using our proprietary GDPR RADAR™ tool, our consultant will assess your organisation’s data protection practices to determine whether they meet the requirements of the GDPR.

We will interview your key teams to establish the maturity of your compliance activities against more than 350 control areas defined according to the ICO’s (Information Commissioner’s Office) audit framework and other requirements such as the PCI DSS (Payment Card Industry Data Security Standard) as required by you.


We can work remotely or from your offices. After completing the assessment, we will present the findings to you, enabling you to ask questions and understand the results, and deliver a report highlighting where you are doing well and where to focus your attention, with practical advice on how to proceed.

Discover more about our GDPR Gap Analysis service below or fill in a form to speak to one of our experts.

What does the GDPR Gap Analysis cover?

A full analysis of your GDPR compliance position, bespoke to you. One of our data protection consultants will assess your organisation’s privacy management and data protection practices in the following areas:

Governance

The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.

Risk management

Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.

Privacy by design

The extent to which data protection by design has been incorporated into the development of your systems, services, products and/or processes.

DPO (data protection officer)

Whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.

Roles and responsibilities

The extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.

Rights of data subjects

The processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR/DPA (Data Protection Act) 2018.

PIMS (personal information management system)

The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.

ISMS (information security management system)

Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.

Scope of compliance

Whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.

What you can expect

Our GDPR specialist will analyse your data protection and privacy arrangements and documentation, and interview key managers in areas such as IT, privacy, operations, HR, marketing and finance. Following the assessment, we will present the results, giving you the opportunity to ask questions, and provide a report of our analysis.

See sample report snippets below or download a full sample GDPR Gap Analysis report here.

More about our GDPR RADAR tool

Our report includes RADAR charts, such as the below, to demonstrate which areas are compliant or non-compliant and to what extent. They are accompanied by in-depth descriptions to ensure you fully understand the results.

Radar chart (image: Radar Chart Example)

What does this mean?

Each control and each area of the report is rated red, amber or green to show whether your current level of compliance is inadequate (red), potentially adequate (amber) or adequate (green). Inadequate areas need to be addressed first.

Radar results (image: Radar Chart Example 2)

What does this mean?

A red finding means that you do not demonstrate enough assurance that you are meeting the requirement, given the risk in your data protection context.

Area breakdown (image: Area Breakdown Example Report)

What does this mean?

Each area is further broken down into control themes. Where a particular area is more important for an organisation, we look for a higher level of assurance. This approach makes it easier for you to see where to focus your resources.

Examples of how we’ve helped our customers

"My company wanted support in reviewing our GDPR compliance and identifying starting points for any changes needed. I was supported by Kevin Downs from the Sales Team in selecting the IT Governance/DQM GRC GDPR Gap Analysis service for the Group, and this service turned out to be absolutely the right solution for us. Ably delivered by Martin Fletcher, whose knowledge of the subject and willingness to adapt to fit into a schedule that suited our business needs were very welcome indeed. The service completely met expectations and the whole process from start to finish was very helpful indeed. This is a worthwhile solution that is wholeheartedly recommended."

Client Review
Katie, Danbro

"Lead 365 have worked with DQM GRC for over 3 years. Initially, we wanted them to review and highlight areas the business and team needed to work on to be ready for GDPR. We found their process and the consultants we worked with to be professional and efficient. The high quality of the service received has improved our compliance and aided our success as a business. We continue to partner with them to review, update and help evolve the business's framework to ensure that our data is as protected as possible. I would highly recommend their services on the gap analysis and ongoing support with DPIAs and ROPs."

Client Review
Director, Lead 365

"DQM’s gap analysis service has been very useful for our business. The analysis has helped us thoroughly assess our data compliance activities, including reviewing how things are now and identifying areas for improvement in the future, all of which will factor into our ongoing data compliance work. The audit process was simple and well-signposted, and through the interviews we felt like the consultant was able to really understand our business and our data flows. These were reflected in the report’s findings which were clear, relevant and helpful. The report itself has also been instrumental in reporting to our board of directors."

Client Review
Anonymous

Why DQM GRC?

  • An award-winning data privacy consultancy and one of the longest-established specialist data protection consultancies in the UK.
  • Our clients range from multinational corporations to small family-run businesses.
  • As part of GRC International Group, we can draw on expert help from across the Group companies, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.

Bespoke GDPR Gap Analysis

Service Benefits

  • Get an accurate picture of your organisation’s GDPR compliance posture.
  • Carried out by an independent and experienced data protection consultant.
  • Receive a detailed report that includes compliance scores, charts, recommendations and an action plan.
  • Talk through any questions with the consultant after the report delivery.

Speak to us about GDPR gap analysis today

Speak to an expert to find out more about this service and how it may suit your business requirements. Simply fill in the form and someone will contact you within 24 hours to arrange a call.
