GDPR Gap Analysis
Because you can’t solve a problem you don’t know you have!
The purpose of our Gap Analysis assessment service is to identify areas of non-compliance in relation to privacy and information rights law including the General Data Protection Regulation [GDPR], Data Protection Act(2018) [DPA], Privacy and Electronic Communications Regulations (2003) [PECR], Freedom of Information Act [FoIA], and the Environmental Information Regulations (2004) [EIR].
Our consultant will review documentation off-site to gain an understanding of the data processing activities and to prepare for the on-site assessment. During this review we will also determine the extent to which the documentation meets the requirements of the legislation. This initial work is built on through a visit to your site(s) to test the extent to which your policies, processes and procedures are implemented and working effectively.
The on-site element of the gap analysis typically takes one day as our consultants are experienced in getting under the skin of operations and assessing compliance. They do this through conducting interviews, workshops and observation.
Time on site is usually spent with those responsible for information governance, IT, HR, and marketing. A facility tour is essential and we like to engage with operational teams to test their understanding of the organisation’s policies and procedures.
Within a few weeks of the site visit you will receive a comprehensive report of our findings. The report contains a section on each of your obligations; an overview of the obligation and our findings backed up by evidence collected during the assessment. We will highlight non-compliance, provide advice about how to bring the area into compliance and make recommendations as to how we think the area can be improved based on our extensive experience.
If required we will create an action plan setting out our recommendations into a prioritized time-table.
“The DPP gap analysis was a great tool for giving us a sense-check on where our GDPR compliance program was up to. It enabled us to take stock of progress, and re-base our action plan. It tested areas we thought were compliant and provided some excellent advise to help us move forward efficiently and quickly.”
Send us a Message
Age Appropriate Design
The Age Appropriate Design Code of Practice (AADCOP) is an extension of the Data Protection Act 2018 that affects providers of information society services (services... Read More
GDPR Radio – News & Views
Tune-in and listen to our latest episode of GDPR Radio! 🎙️ GDPR Radio is a series of events run by the DPP. It is a... Read More
PECR: Direct Marketing
The Direct Marketing guidance in the Privacy and Electronic Communications Regulations (PECR) is 58 pages long and can be found on the ICO website. Alternatively, if you... Read More
Recent Cyber-Attack On Council’s: The Impact On Privacy Within Education Explained
Several schools across Bristol have been left without access to their computers and essential personal data – after being targeted by cybercriminals. A spokesperson for... Read More
GDPR Radio – News & Views
Click the link below to listen to our 3rd ever episode of GDPR Radio! GDPR Radio is a new series of events from the DPP.... Read More
Click the link below to listen to our second ever episode of GDPR Radio! GDPR Radio is a new series of events from the DPP.... Read More