Our GDPR Gap Analysis Service is a robust assessment of your organisation’s GDPR (General Data Protection Regulation) compliance levels, designed to help you move forward with practical GDPR compliance advice.

We specialise in working with large or complex organisations, enabling them to understand how to apply the GDPR to their business practices. Our consultants will work with you to understand your requirements and assess your organisation’s data protection practices using our proprietary GDPR RADAR™ tool to determine if they meet the requirements of the Regulation.

We will interview your key teams to establish the maturity of your compliance activities against the ICO’s (Information Commissioner’s Office) audit framework and other requirements, such as the PCI DSS (Payment Card Industry Data Security Standard).

We can work remotely or from your offices. Following the assessment, we will show you the results, answer any questions you have and give you a report with advice on what to do next.

Discover more about our GDPR Gap Analysis Service below or fill in a form to speak to one of our experts.

What is a GDPR gap analysis?

A GDPR gap analysis is a process that helps organisations identify areas where their data protection practices do not align with the requirements of the GDPR. By conducting a gap analysis, organisations can develop a plan to address any areas of non-compliance and improve their overall data protection programme.

What does the GDPR Gap Analysis Service cover?

A full analysis of your GDPR compliance position, bespoke to you. One of our data protection consultants will assess your organisation’s privacy management and data protection practices in the following areas:


  • How well does your organisation monitor data protection compliance through policies, procedures, controls and reporting mechanisms?

Risk management

  • What arrangements does your organisation have in place for managing privacy risks?
  • To what extent are risks to data subjects’ rights and freedoms incorporated into your organisation’s overall risk management strategy?

 Privacy by design

  • To what extent has data protection by design been incorporated into the development of your systems, services, products and/or processes?

DPO (data protection officer)

  • Does your organisation need to appoint a DPO?
  • If so, does the DPO meet the requirements of the Regulation?

 Roles and responsibilities

  • Does your organisation have defined roles and responsibilities?
  • Has it delivered appropriate training and awareness?

Rights of data subjects

  • What measures has your organisation taken to facilitate and respond to individuals exercising their rights under the GDPR/DPA (Data Protection Act) 2018?

 PIMS (personal information management system)

  • What data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms does your organisation have in place?

ISMS (information security management system)

  • What are your organisation’s arrangements for privacy risk management?
  • To what extent are information-specific risks incorporated into corporate risk management?
  • To what extent are risks to the rights and freedoms of data subjects addressed?

 Scope of compliance

  • Is your organisation’s GDPR compliance scope clearly defined, considering all data processing it is involved in, as both data controller and processor, as well as any data sharing?

What can you expect?

Our GDPR specialist will analyse your data protection and privacy arrangements and documentation, and interview key managers in areas such as IT, privacy, operations, HR, marketing and finance. Following the assessment, we will present the results, giving you the opportunity to ask questions, and provide a report of our analysis.

See sample report snippets below or download a full sample GDPR Gap Analysis report here.

More about our GDPR RADAR tool

Our GDPR gap analysis report includes RADAR charts, such as the below, to demonstrate which areas are compliant or non-compliant and to what extent. They are accompanied by in-depth descriptions to ensure you fully understand the results.

RADAR chart

Radar Chart Example

What does this mean?

Each control and each area of the report is rated red, amber or green to show whether your current level of compliance is inadequate (red), potentially adequate (amber) or adequate (green). Inadequate areas need to be addressed first.

RADAR results

Radar Chart Example 2

What does this mean?

A red finding means that you do not demonstrate enough assurance that you are meeting the requirement, given the risk in your data protection context.

Area breakdown

Area Breakdown Example Report

What does this mean?

Each area is further broken down into control themes. Where a particular area is more important for an organisation, we look for a higher level of assurance. This approach makes it easier for you to see where to focus your resources.

Examples of how we’ve helped our customers

“My company wanted support in reviewing our GDPR Compliance and identifying starting points for any changes needed. I was supported by Kevin Downs from the Sales Team in selecting IT Governance/DQM GRC GDPR Gap Analysis service for the Group and this service turned out to be absolutely the right solution for us. Ably delivered by Martin Fletcher whose knowledge of the subject and his willingness to adapt to fit into a schedule that suited our business needs was very welcome indeed. The service completely met with expectations and the whole process from start to finish was very helpful indeed. This is a worthwhile solution that is wholeheartedly recommended. ”

Client Review
Katie, Danbro

“Lead 365 have worked with DQM GRC for over 3 years. Initially, we wanted them to review and highlight areas the business and team needed to work on to be ready for GDPR. We found their process and the consultants we worked with to be professional and efficient. The high-quality of the service received has improved our compliance and aided our success as a business. We continue to partner with them to review, update and help evolve the businesses framework to ensure that our data is as protected as possible. I would highly recommend their services on the GAP analysis and on-going support with DPIAs and ROPAs.”

Client Review
Director, Lead 365

“DQM’s gap analysis service has been very useful for our business. The analysis has helped us thoroughly assess our data compliance activities, including reviewing how things are now and identifying areas for improvement in the future, all of which will factor into our ongoing data compliance work. The audit process was simple and well-signposted, and through the interviews we felt like the consultant was able to really understand our business and our data flows. These were reflected in the report’s findings which were clear, relevant and helpful. The report itself has also been instrumental in reporting to our board of directors.”

Client Review


  • An award-winning data privacy and GDPR consultancy and one of the longest-established specialist data protection consultancies in the UK.
  • Our clients range from multinational corporations to small family-run businesses.
  • As part of GRC International Group, we can draw on expert help from across the Group companies, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.
Bespoke GDPR Gap Analysis

Service benefits

  • Get an accurate picture of your organisation’s GDPR compliance posture.
  • Carried out by an independent and experienced data protection consultant.
  • Receive a detailed report that includes compliance scores, charts, recommendations and an action plan.
  • Ask the consultant any questions after the report delivery.

Speak to us about our GDPR Gap Analysis Service today

Speak to an expert to find out more about this service and how it may suit your business requirements. Simply fill in the form and someone will contact you within 24 hours to arrange a call.

Speak to an expert