EUGDPR Gap Analysis
Digital Training Consulting Services and data privacy management team helps to support organisations to achieve EU GDPR compliance, by conducting a Gap Analysis Health Check.
Our 4 Step Compliance Process starts with
STEP 1 – Complete a Triage Data Assessment Form
STEP 2 – Attend a 30 minute telephone call or 60 minute 1-2-1 consultation session
STEP 3 – Agree next step an action plan by
A: Book onto a Training Courses
B: Book a further Fact Find Discovery Session or
C: Order a Fully Gap Analysis Report Health Check
STEP 4 – Select an On-going Support Package (Monthly, Quarterly, Bi-Annually, or Annually Review)
The EU GDPR Gap Analysis Health Check Report is has three phase approach;
- Document Review,
- On-site workshops and interviews
- Gap Analysis Reporting.
Prior to facilitating the on-site workshops, the Digital Training consultant will request a number of documents. These will be reviewed to provide the background information and an understanding of your current privacy risk position.
This will include documentation relating to privacy, security, risk management and information data governance. Below are typical examples of documents that are reviewed.
- Organisational Chart
- Risk Management Policy and Process
- Security Policies
- Data Retention and Destruction Policy
- Security Awareness and Training information
- Incident management policy & processes
- Key organisational governance process documents or procedures
- Network topology – a high level view of the environment.
- Data Classification or Data Impact Assessment report/output
- Third party contract agreements
Workshops and Interviews
The workshops will cover the nine domains of data privacy – governance, policies and procedures, awareness, data subject management, third parties, risk management, access management, incident management and compliance. To cover all these domains we will conduct workshops with the following teams/business units:
- Data Owners & Business Process Owners
- In-House Legal Counsel
- Marketing & Sales
- CISO, Head of IT or Information Security (responsible for the organisation’s risk and compliance)
- Info Security Team (Managers/Analysts)
- Be Human Resources
- Training and Development (cyber security awareness and training)
- IT, Networks & Applications Manager/Development Business Manager
- Disaster Recovery Manager/Business Continuity Manager
- Service Delivery Management (allocation of access rights and security incident reporting)
- Service Provider Management
Gap Analysis Reporting
The Gap Analysis Report, is a formal report, which details all controls requirements, findings, and recommendations. It will be delivered in 2 formats an pdf version report will be a point time snapshot of your organisation GDPR risks and issues which will need to be remediated and fixed.
In addition, the report will be delivered in an excel report format which will help you with the ongoing tracking and monitoring of the risks and issues.
Our ongoing support packages can help your business or organisation with support and advice to fix weak control deficiencies.
Security Domain – GDPR Article 32
All organisation are required to take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
The data controller and the data processor are responsible to implement appropriate technical and organisational measures to ensure a level of security is appropriate to the risks identified.