EUGDPR Gap Analysis

Digital Training Consulting Services and data privacy management team helps to support organisations to achieve EU GDPR compliance, by conducting a Gap Analysis Health Check.

Compliance Process

Our 4 Step Compliance Process starts with

STEP 1 – Complete a Triage Data Assessment Form

STEP 2 – Attend a 30 minute telephone call or 60 minute 1-2-1 consultation session

STEP 3 – Agree next step an action plan by

A: Book onto a Training Courses
B: Book a further Fact Find Discovery Session or
C: Order a Fully Gap Analysis Report Health Check

STEP 4 – Select an On-going Support Package (Monthly, Quarterly, Bi-Annually, or Annually Review)

Data security concept. Black folder and lock. 3D isolated on white

The EU GDPR Gap Analysis Health Check Report is has three phase approach;

  • Document Review,
  • On-site workshops and interviews
  • Gap Analysis Reporting.

Document Review

Prior to facilitating the on-site workshops, the Digital Training consultant will request a number of documents. These will be reviewed to provide the background information and an understanding of your current privacy risk position.

This will include documentation relating to privacy, security, risk management and information data governance. Below are typical examples of documents that are reviewed.


  • Organisational Chart
  • Privacy Policy
  • Risk Management Policy and Process
  • Security Policies
  • Data Retention and Destruction Policy
  • Security Awareness and Training information
  • Incident management policy & processes
  • Key organisational governance process documents or procedures
  • Network topology – a high level view of the environment.
  • Data Classification or Data Impact Assessment report/output
  • Third party contract agreements

Workshops and Interviews

The workshops will cover the nine domains of data privacy – governance, policies and procedures, awareness, data subject management, third parties, risk management, access management, incident management and compliance. To cover all these domains we will conduct workshops with the following teams/business units:

  • Data Owners & Business Process Owners
  • In-House Legal Counsel
  • Marketing & Sales
  • CISO, Head of IT or Information Security (responsible for the organisation’s risk and compliance)
  • Info Security Team (Managers/Analysts)
  • Be Human Resources
  • Training and Development (cyber security awareness and training)
  • IT, Networks & Applications Manager/Development Business Manager
  • Disaster Recovery Manager/Business Continuity Manager
  • Service Delivery Management (allocation of access rights and security incident reporting)
  • Service Provider Management

Gap Analysis Reporting

The Gap Analysis Report, is a formal report, which details all controls requirements, findings, and recommendations. It will be delivered in 2 formats an pdf version report will be a point time snapshot of your organisation GDPR risks and issues which will need to be remediated and fixed.

In addition, the report will be delivered in an excel report format which will help you with the ongoing tracking and monitoring of the risks and issues.

Our ongoing support packages can help your business or organisation with support and advice to fix weak control deficiencies.

Security Domain – GDPR Article 32

All organisation are required to take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The data controller and the data processor are responsible to implement appropriate technical and organisational measures to ensure a level of security is appropriate to the risks identified.