Please
GDPRGapAssessmentTool
Note:thisgapassessmentmustbeconductedwithreferencetoacopyoftheGDPR
CHAPTERI:GeneralProvisions Article1 Subject-matterand objectives All None informationalonly
Article2 Materialscope All HasitbeenestablishedthattheGDPR appliestothepersonaldataprocessing activitiesthattheorganisation undertakes?
Article3 Territorialscope All HasitbeenestablishedthattheGDPR applies,basedonthedatasubjectswhose personaldataweprocess?
Article4 Definitions All None informationalonly
CHAPTERII:Principles Article5 Principlesrelatingto processingofpersonaldata
Yes
Yes
VERSION: DATED: APPROVAL:
1 dd/mm/yyyy [Nameofapprover]
Totals: 2
1a Arepersonaldataprocessedlawfully, fairlyandtransparently? Yes
1b Arepersonaldatacollectedforspecified, explicitandlegitimatepurposes? Yes
1c Arethepersonaldatacollectedadequate, relevantandlimitedtowhatisnecessary? Yes
1d Arepersonaldataisaccurateand,where necessary,keptuptodate? Yes
1e Arepersonaldatakeptfornolongerthan isnecessary? Yes
1f Arepersonaldataprocessedinamanner thatensuresitsappropriatesecurity? Yes
2 Asthecontroller,canwedemonstrate compliancewithallprinciples? Yes
Article6 Lawfulnessof processing 1 Hasthelawfulbasisforprocessingofall personaldatabeenestablished? Yes
2 None informationalonly
3 None informationalonly
4 Foradditionalprocessing,has compatibilitywiththeinitialpurpose beenestablishedincompliancewiththe requiredcriteria?
Yes
Article7 Conditionsfor consent 1 Canconsentbedemonstratedinallcases? Yes
2 Areallrequestsforconsentclearly distinguishable? Yes
3 Arefacilitiesforconsentwithdrawalin place? Yes
4 Isconsentfreelygiveninallcases? Yes
Article8 Conditionsapplicable tochild'sconsentinrelationto informationsocietyservices
All Forchildren,hasconsentbeengivenby theholderofparentalresponsibilityinall cases?
Yes
Article9 Processingofspecial categoriesofpersonaldata All Isallprocessingofspecialcategoriesof personaldataclearlyjustified? Yes
Article10-Processingof personaldatarelatingto criminalconvictionsand offences
All None informationalonly
Article11-Processingwhich doesnotrequireidentification All Haveprocessingcaseswherethedata subjectcannotbeidentified,been defined?
Yes
Totals: 16
note: This sample shows only a section of the complete Gap Assessment tool.
GDPRGapAssessmentdashboard
CHAPTERI:Generalprovisions
CHAPTERV:Transfers ofpersonaldata
CHAPTERIV:Section4 Dataprotection officer
CHAPTERIV:Section3 Dataprotection impactassessmentandprior consultation
CHAPTERIV:Section2- Security of personaldata
CHAPTERII:Principles
CHAPTERIII:Section1 Transparency andmodalities
CHAPTERIII:Section2- Informationand accesstopersonaldata
CHAPTERIII:Section3 Rectification and erasure
CHAPTERI:Generalprovisions
CHAPTERII:Principles
CHAPTERIII:Section1- Transparencyandmodalities
CHAPTERIII:Section2- Informationandaccess topersonal data
CHAPTERIII:Section3- Rectification anderasure
CHAPTERIII:Section4- Righttoobjectandautomatedindividualdecision-making
CHAPTERIII:Section5- Restrictions
CHAPTERIV:Section1 General obligations
CHAPTERIV:Section2 Security ofpersonaldata
CHAPTERIV:Section3- Dataprotectionimpactassessmentandpriorconsultation
CHAPTERIV:Section4- Dataprotectionofficer
CHAPTERIV:Section1 General obligations
CHAPTERIII:Section4- Righttoobject andautomatedindividual decisionmaking
CHAPTERIII:Section5 Restrictions