GDPR Gap Analysis

Because you can’t solve a problem you don’t know you have!

Why consider a GDPR Gap Analysis?

The purpose of our Gap Analysis assessment service is to identify areas of non-compliance in relation to privacy and information rights law including the General Data Protection Regulation [GDPR], Data Protection Act(2018) [DPA], Privacy and Electronic Communications Regulations (2003) [PECR], Freedom of Information Act [FoIA], and the Environmental Information Regulations (2004) [EIR].

How do our GDPR gap assessments work?

Our consultant will review documentation off-site to gain an understanding of the data processing activities and to prepare for the on-site assessment. During this review we will also determine the extent to which the documentation meets the requirements of the legislation. This initial work is built on through a visit to your site(s) to test the extent to which your policies, processes and procedures are implemented and working effectively.

Expert GDPR Compliance Advice

The on-site element of the gap analysis typically takes one day as our consultants are experienced in getting under the skin of operations and assessing compliance. They do this through conducting interviews, workshops and observation.

Who should you involve?

Time on site is usually spent with those responsible for information governance, IT, HR, and marketing. A facility tour is essential and we like to engage with operational teams to test their understanding of the organisation’s policies and procedures.


Within a few weeks of the site visit you will receive a comprehensive report of our findings. The report contains a section on each of your obligations; an overview of the obligation and our findings backed up by evidence collected during the assessment. We will highlight non-compliance, provide advice about how to bring the area into compliance and make recommendations as to how we think the area can be improved based on our extensive experience.

Action Plan

If required we will create an action plan setting out our recommendations into a prioritized time-table.

What our customers say

“The DPP gap analysis was a great tool for giving us a sense-check on where our GDPR compliance program was up to. It enabled us to take stock of progress, and re-base our action plan. It tested areas we thought were compliant and provided some excellent advise to help us move forward efficiently and quickly.”

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.

Latest Articles

to DPIA or not to DPIA

What is a DPIA? A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.... Read MoreI

GDPR Radio – News & Views

During today’s session of GDPR Radio, we discussed the news of the week from the world of Data Protection. We kicked off the webinar by... Read MoreI

What is the Freedom of Information Act?

The Freedom of Information Act 2000 (FOI) provides the public with access to information held by public authorities. The FOI requires public authorities to publish... Read MoreI

skills shortage in the privacy space?

I’ve been reading about skills shortages in the news: HGV drivers, chefs, fruit pickers… and now that we have come to advertise several new posts... Read MoreI

Data Retention – Best Practices, Examples & More

We kicked off this session by discussing the news of the week, we spoke about online racism, Matt Hancock, wealth screening, ICO fines and more.... Read MoreI

GDPR Radio – News & Views

We host GDPR Radio every other Friday between 12:30-13:30, it’s a laid back, collaborative session where we discuss recent news, share our views and answer... Read MoreI