Our GDPR gap analysis is a robust assessment of your assurance levels using our proprietary GDPR Radar™ tool.

This tool assesses whether your assurance levels are appropriate for your organisation, given its unique data protection context.

We interview your key teams to establish the maturity of your assurance against over 350 control areas defined according to the ICO’s audit framework and other requirements such as PCI DSS.

The result is a bespoke report that shows you where you are doing well and where you should focus your attention. The review typically takes three days and can be delivered remotely. Your results are delivered in a one-hour meeting, where you can ask questions, together with a written report.


What will a GDPR gap analysis cover?

Our data protection consultants will assess your organisation’s privacy management and data protection practices through a review of the following areas:

Governance

The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.

Risk management

Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.

Privacy by design

The extent to which data protection by design has been incorporated into the development of your systems, services, products and/or processes.

DPO (data protection officer)

Whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.

Roles and responsibilities

The extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.

Rights of data subjects

The processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR/DPA 2018.

PIMS (personal information management system)

The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.

ISMS (information security management system)

Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.

Scope of compliance

Whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.

What you can expect

A GDPR specialist will interview key managers in areas such as IT, Privacy, Operations, HR, Marketing and Finance and perform an analysis of your existing data protection and privacy arrangements and documentation.

Following this, you will receive a gap analysis report of the findings presented at a one hour meeting. The report outlines the areas of compliance and improvement, providing further recommendations to help you address the issues identified.

See sample report snippets below, or download a full sample GDPR Gap Analysis report.

Radar chart (sample report image)

Radar results (sample report image)

Area breakdown (sample report image)

What comes next?

Your consultant can help you to implement the recommendations. Your support plan can be tailored to your requirements.

Example Service 1 - A little help

In two days, we could:

  • Run workshops with the individuals who will be responsible for implementing the actions, to ensure they understand what is required and to help them build a project delivery plan.
  • Provide a GDPR Document Toolkit service that contains templates for the policies and documentation you will require, for your team to tailor to your organisation.

Example Service 2 - A lot of help

In ten weeks, we could:

  • Provide hands-on Subject Matter Expert support and knowledge transfer to your team.
  • Start each major workstream and begin to work through critical path activities with you.
  • Provide more complex implementation support to your team.

Bespoke GDPR Gap Analysis

Make it your own

Our GDPR Gap Analysis can be bespoked to your needs. We can:

  • Assess compliance with additional privacy-related laws such as the California Consumer Privacy Act (CCPA) or the Privacy and Electronic Communications Regulations (PECR)
  • Assess compliance with your internal policies and procedures
  • Compare performance of business units, locations or other subdivisions of your organisation
  • Create an ongoing assessment programme to track performance over time
  • Build something specifically tailored to your needs and risks – just ask!