A gap analysis exercise is the best starting point to any compliance programme or when implementing a management system. It helps you understand your current state, the areas of risk and the scale of work required to achieve your target state. It will also help you to define your project plan including milestones and key stakeholders.
Our data protection and gap analysis services help you identify how well your organisation meets with or complies with statutory or regulatory requirements and best practice. We can provide a high level assessment or deep dive review for the following areas:
Before starting an assessment, we carry out a scoping exercise with you during which we’ll discuss and agree the regulation, standard or guidance to compare your data processing and data protection compliance against and the scope of the engagement. We’ll also discuss and agree the number of consultancy days required to deliver the service. The number of days will depend on the type and scope of the assessment and your objectives.
A specialist data protection consultant will scope and lead the engagement. The consultant will be supported by other specialists where appropriate (such as information security specialists).
At the outset we gather information about your organisation. This is important to understanding the nature and sensitivity of the personal data you process, the information systems you use, the regulatory environment in which you operate and the potential impact of a personal data breach on data subjects and your organisation. During the assessment, our consultant will gather information from your stakeholders in a variety of ways, depending on the size, locations and nature of your organisation.
Once we have the required information, we’ll create and provide you with a written report setting out our consultant’s findings and recommendations. We measure your current state using our maturity model. We also arrange a post report review meeting with you, at which we present our findings, answer any questions you have and discuss next steps.
Following the gap analysis engagement, we can support you to remediate the issues identified by our consultant. Our specialists can help prepare and manage an ongoing ‘get well’ programme of activities, assist with strategy and help with ongoing privacy programme management.