Our GDPR Gap Analysis is a robust assessment of your GDPR (General Data Protection Regulation) compliance levels using our proprietary GDPR RADAR™ tool.

Our consultant will assess your organisation’s data protection practices to determine whether they meet the requirements of the GDPR.

We will interview your key teams to establish the maturity of your compliance activities against more than 350 control areas defined according to the ICO’s (Information Commissioner’s Office) audit framework and other requirements such as the PCI DSS (Payment Card Industry Data Security Standard).


The review typically takes three days* and can be delivered remotely. Your results will be presented in a one-hour meeting, where you can ask questions, and in a written report that shows where you are doing well and where you should focus your attention.


*Depending on the size of your organisation.


Discover more about our GDPR Gap Analysis service below, or fill in the form to speak to one of our experts.

What does the GDPR Gap Analysis cover?

One of our data protection consultants will assess your organisation’s privacy management and data protection practices in the following areas:

Governance

The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.

Risk management

Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.

Privacy by design

The extent to which data protection by design has been incorporated into the development of your systems, services, products and/or processes.

DPO (data protection officer)

Whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.

Roles and responsibilities

The extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.

Rights of data subjects

The processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR/DPA (Data Protection Act) 2018.

PIMS (personal information management system)

The extent to which your organisation has established a PIMS to manage personal data throughout its lifecycle, including the policies, procedures, records of processing and review mechanisms that support it.

ISMS (information security management system)

The extent to which your organisation's information security arrangements protect the personal data it processes, including the technical and organisational measures required by Article 32 of the GDPR.

Scope of compliance

Whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.

What you can expect

Our GDPR specialist will analyse your existing data protection and privacy arrangements and documentation, including interviews with key managers in areas such as IT, privacy, operations, HR, marketing and finance.

Following this, you will receive a report of the findings, which will be presented at a one-hour meeting. The report outlines the areas where you are compliant and the areas that need improvement, and provides recommendations to help you address the issues identified.

See sample report snippets below or download a full sample GDPR Gap Analysis report here.

Radar chart

[Image: Radar chart example]

What does this mean?

The RADAR chart is an at-a-glance view of where your data protection practices are strong and where you can improve across each control area.

Each control and each area of the report is rated red, amber or green to show whether your current level of compliance is inadequate (red), potentially adequate (amber) or adequate (green). Red areas need to be addressed first.

Radar results

[Image: Radar chart example 2]

What does this mean?

A red finding means that you do not demonstrate enough assurance that you are meeting the requirement, given the risk in your data protection context.

Area breakdown

[Image: Area breakdown example report]

What does this mean?

Each area is further broken down into control themes. Where a particular area is more important for an organisation, we look for a higher level of assurance. This approach makes it easier for you to see where to focus your resources.

What our customers say

"DQM GRC initially conducted a GDPR readiness review which highlighted a number of areas the team at Pearson needed to work on to be ready for the GDPR. Since the review they have been supporting us on site with our data mapping and records and processing. We have found their team to be supportive and helpful which has enabled us to move forward with our overall GDPR plan."

Stephen McCartney, EU Director of Privacy, Pearson

Why DQM GRC?

  • An award-winning data privacy consultancy and one of the longest-established specialist data protection consultancies in the UK.
  • Our clients range from multinational corporations to small family-run businesses.
  • We can draw on expert help from across GRC International Group, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.

Bespoke GDPR Gap Analysis

Service Benefits

  • Get an accurate picture of your GDPR compliance posture across your business.
  • Carried out by an independent and experienced data protection consultant.
  • Receive a detailed report that includes compliance scores, charts, recommendations and an action plan.
  • Talk through any questions with the consultant after the report is delivered.

Speak to us about GDPR gap analysis today

Speak to an expert to find out more about this service and how it may suit your business requirements. Simply fill in the form and someone will contact you within 24 hours to arrange a call.
