Why Carry Out a GDPR Gap Analysis?

November 29, 2021
Brian Miller

Legal Counsel

In today’s fast-paced, ever-changing world, it is important to ensure any data you hold on behalf of data subjects is secure. It must also comply with data protection laws. A GDPR Gap Analysis can help with this.

Carrying out a GDPR Gap Analysis (otherwise known as a data protection audit) will help to determine whether your organisation has implemented certain policies and procedures to regulate the processing of personal data. It will also help us to show whether or not your organisation’s policies are being followed when data is processed.

When an organisation complies with these requirements, it is effectively identifying and controlling risks to prevent breaching the UK GDPR and/or Data Protection Act 2018 (the Act) and is therefore protecting itself as much as possible in the event of a data breach and potential subsequent enquiry or audit by the Information Commissioner’s Office (ICO).

A failure to abide by a proper process can lead to a financial penalty imposed by the ICO and possibly a legal claim from those whose data has been breached. This can involve a number of data subjects, depending on the type and nature of the breach. It can also result in unwanted publicity which, in many cases, can seriously damage your organisation’s reputation or business.

An audit will typically assess your organisation’s procedures, systems, records, and activities in order to:

  • ensure the appropriate policies and procedures are in place
  • verify that those policies and procedures are being followed
  • test the adequacy of the controls in place
  • detect breaches or potential breaches of compliance
  • recommend any indicated changes in control, policy, and procedure.

We will then make recommendations on how to mitigate the risks of non-compliance. This can be done by reducing or minimising the chance of damage and distress to individuals. This also means reducing the possible regulatory action being taken against your organisation for a breach of the Act. By carrying out a voluntary private audit, you will give your business or organisation the best chance of avoiding any sanctions in the event of non-compliance and subsequent investigation by the ICO.

For further information and pricing, please contact Brian Miller or Tim Heywood.