GDPR & Data Protection Gap Analysis Assessments

A gap analysis exercise is the best starting point to any compliance programme or when implementing a management system. It helps you understand your current state, the areas of risk and the scale of work required to achieve your target state. It will also help you to define your project plan including milestones and key stakeholders.

Our data protection and gap analysis services help you identify how well your organisation meets with or complies with statutory or regulatory requirements and best practice. We can provide a high level assessment or deep dive review for the following areas:

  • General Data Protection Regulation & Data Protection Act 2018
  • PECR and Direct Marketing
  • NCSC / ICO GDPR Security Outcomes Guidance
  • BS10012 Personal Information Management System
  • Good Data Protection Working Practices

Our Methodology


Before starting an assessment, we carry out a scoping exercise with you during which we’ll discuss and agree the regulation, standard or guidance to compare your data processing and data protection compliance against and the scope of the engagement. We’ll also discuss and agree the number of consultancy days required to deliver the service. The number of days will depend on the type and scope of the assessment and your objectives.

Specialist Expertise

A specialist data protection consultant will scope and lead the engagement. The consultant will be supported by other specialists where appropriate (such as information security specialists).

At the outset we gather information about your organisation. This is important to understanding the nature and sensitivity of the personal data you process, the information systems you use, the regulatory environment in which you operate and the potential impact of a personal data breach on data subjects and your organisation. During the assessment, our consultant will gather information from your stakeholders in a variety of ways, depending on the size, locations and nature of your organisation.

Detailed Report & Debrief

Once we have the required information, we’ll create and provide you with a written report setting out our consultant’s findings and recommendations. We measure your current state using our maturity model. We also arrange a post report review meeting with you, at which we present our findings, answer any questions you have and discuss next steps.

Ongoing Support

Following the gap analysis engagement, we can support you to remediate the issues identified by our consultant. Our specialists can help prepare and manage an ongoing ‘get well’ programme of activities, assist with strategy and help with ongoing privacy programme management.


Need a GDPR Gap Analysis?

Please get in touch. You can call us or request a call back using our contact form. We’d love to talk with you and promise no hard sell.

Get In Touch

Our other GDPR & Data Protection Services