GDPR Gap Analysis

SKU: 4836
Format: Consultancy
Published: 11 Apr 2017

The GDPR Gap Analysis service assesses the extent of your organisation’s compliance with the GDPR using our unique GDPR RADAR™ methodology, developed by our sister company DQM GRC™.

GDPR RADAR™ helps identify and prioritize the areas that you should address based on the same criteria used in supervisory authority audits, providing you with a radar chart pinpointing areas for improvement in nine key compliance areas.

  • Single-entity organizations with between 20 and 500 staff are eligible for the GDPR gap analysis.
  • For a bespoke service, contact us for a quote.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our sales team on +1 877 317 3454.

Price: $5,700.00

Understand your GDPR compliance requirements

Our data protection consultants will assess your organization’s privacy management and data protection practices through an on-site review of the following areas:

  1. Governance – the extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organization.
  2. Risk management – your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.
  3. Privacy by design – the extent to which data protection by design has been incorporated into the development of your systems, services, products, and/or processes.
  4. DPO (data protection officer) – whether your organization is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.
  5. Roles and responsibilities – the extent to which your organization has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.
  6. Scope of compliance – whether your organization has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.
  7. PIMS (personal information management system) – whether your organization has implemented a PIMS that documents its GDPR compliance, and addresses staff training and awareness.
  8. ISMS (information security management system) – whether your organization has implemented an ISMS to meet the GDPR’s requirements for “appropriate technical and organizational measures” in order to ensure the security of the personal data it processes.
  9. Rights of data subjects – the processes your organization has implemented to facilitate and respond to data subjects exercising their rights under the GDPR.

What to expect

A GDPR specialist will interview key managers and perform an analysis of your existing data protection and privacy arrangements and documentation.

Following this, you will receive a gap analysis report of the findings. The report outlines the areas of compliance and improvement, providing further recommendations for the proposed GDPR compliance project.

  • The price quoted applies to single-entity organisations with 21 to 500 staff and with all key personnel (senior management, HR managers, compliance, IT, sales, marketing and procurement) based at a single site.
  • If your business is located outside mainland UK (England, Scotland and Wales), additional expenses will be charged to accommodate our consultant’s travel for the on-site assessment.

Why IT Governance?

Why choose us?

  • This service is delivered by DQM GRC, an award-winning data privacy consultancy and one of the longest-established specialist data protection consultancies in the UK.
  • Our privacy consultants have deep experience and an in-depth understanding of the GDPR and DPA 2018’s requirements and how they should be met.
  • Our clients range from multinational corporations to small family-run businesses.
  • We can draw on expert help from across GRC International Group, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.
  • We provide a complete compliance support service to help organisations comply with the GDPR and DPA 2018, including data flow audits, DPIAs (data protection impact assessments), contract law and outsourced DPO services.
  • Our transparent proposals are fixed price, so you won’t get any surprises.
  • GDPR RADAR™ can be customised to examine not only the GDPR (or DPA 2018) but also the CCPA, ePrivacy Regulation, and other laws as required.
