Skip to Main Content
IT Governance is now a GRC Solutions company. Find out more
GDPR Gap Analysis

GDPR Gap Analysis

SKU: 4836
Format: Consultancy

Outdated documentation, limited in-house expertise and increasing expectations from stakeholders are all putting pressure on compliance teams. Our GDPR Gap Analysis service helps you get ahead of it all by assessing the extent of your organisation’s compliance with the GDPR and the DPA 2018 using our unique GDPR RADAR™ methodology. You’ll receive a detailed view of where your documentation and practices may no longer align, with practical advice to bring them up to date.

What you’ll get:

  • A full analysis of your GDPR compliance, conducted remotely or in person
  • A detailed report with scores across nine key areas and clear remediation advice
  • Expert insight from experienced data protection practitioners
  • Evidence of accountability you can share with stakeholders, regulators or clients

This service is provided by IT Governance’s sister company DQM GRC, a specialist in data privacy compliance, data quality, and regulatory audits.  

DQM Logo
For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service
Description

Why run a GDPR Gap Analysis now?

  • Your compliance may no longer reflect how your organisation operates
    Business evolves — but compliance doesn’t always keep up. If you’ve entered new markets, launched new services or adopted new tools, your data protection documentation may now be out of step with how you work. A GDPR Gap Analysis helps you identify those discrepancies and update your processes accordingly.
  • Managing GDPR alongside other responsibilities is a challenge
    In many organisations, the person responsible for data protection is also juggling other priorities. Without dedicated expertise or legal support, staying on top of GDPR requirements can be difficult. This service gives you access to specialist knowledge and clear, practical advice — without the need to hire in-house.
  • Stakeholders expect evidence of compliance
    Clients, regulators and partners increasingly expect organisations to demonstrate accountability, not just promise it. Internal reviews have their place, but an independent assessment offers objective proof that you're taking GDPR seriously. The resulting report can be used to support audits, build trust, and show progress over time.

What a GDPR Gap Analysis involves

Our data protection consultants will assess your organisation’s privacy management and data protection practices through an on-site review of the following areas:

  1. Governance –  the extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.
  2. Risk management –  your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.
  3. Privacy by design –  the extent to which data protection by design has been incorporated into the development of your systems, services, products and/or processes.
  4. DPO (data protection officer) –  whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.
  5. Roles and responsibilities –  the extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.
  6. Scope of compliance –  whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.
  7. PIMS (personal information management system) –  whether your organisation has implemented a PIMS that documents its GDPR/DPA 2018 compliance, and addresses staff training and awareness.
  8. ISMS (information security management system) –  whether your organisation has implemented an ISMS to meet the GDPR’s requirements for “appropriate technical and organisational measures” in order to ensure the security of the personal data it processes.
  9. Rights of data subjects –  the processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR/DPA 2018.

 Download sample report


What to expect

A GDPR specialist will interview key managers and perform an analysis of your existing data protection and privacy arrangements and documentation.

Following this, you will receive a gap analysis report of the findings. The report outlines the areas of compliance and improvement, providing further recommendations for the proposed GDPR compliance project. You’ll also have the opportunity to discuss the findings with your consultant once you receive the report, to make sure you understand the score and allow you to discuss the remediation strategy.

Please click on each image for a closer look:

Free brochure download: GDPR Q4 Report 2019
Free brochure download: GDPR Q4 Report 2019
Free brochure download: GDPR Q4 Report 2019

GDPR Benchmark Report 2024

Find out how you compare with organisations of your size and industry with our GDPR Benchmark Report, based on the findings of four years of GDPR gap analyses.

 Download now

Why choose us?

Why choose us?

  • Your practices will be assessed by an experienced data protection practitioner that will have your organisation’s objectives in mind.
  • The report will include practical advice for becoming compliant.
  • Our net promoter score for data protection consultancy is over 80+, making our services “world-class”.
  • We can offer other services, training, books and tools to assist you in your GDPR or PECR compliance journey.
Conditions

If your business is located outside mainland UK (England, Scotland and Wales), additional expenses will be charged to accommodate our consultant’s travel for the on-site assessment.

See requirements for payment of purchases online by purchase order

Download the service description for more information

Customer Reviews

(5.00)stars out of 5
Number of reviews: 4
1. on 04/02/2022, said:
5 stars out of 5
Required as part of a wider bespoke GDPR Consultancy Package - straightforward and helpful engagement throughout and recommended as a standalone solution or part of wider project needs - does what it says on the tin - Thank you
2. on 22/11/2021, said:
5 stars out of 5
My Company wanted support in reviewing our GDPR Compliance and identifying starting points for any changes needed. I was supported by Kevin Downs from the Sales Team in selecting IT Governance/DQM GRC GDPR Gap Analysis service for the Group and this service turned out to be absolutely the right solution for us. Ably delivered by Martin Fletcher whose knowledge of the subject and his willingness to adapt to fit into a schedule that suited our business needs was very welcome indeed. The service completely met with expectations and the whole process from start to finish was very helpful indeed. This is a worthwhile solution that is wholeheartedly recommended.
3. on 16/07/2021, said:
5 stars out of 5
As always, I'm delighted from the level of professionalism provided by ITGovernance.co.uk across all their services offerings - the GAP Analysis covered everything with great level of clarity both on technical and legal aspects of the exercise.
Showing comments 1-3 of 3
Book
of the
month
Loading...