GDPR-FORM-01-3 GDPR Gap Assessment Tool

Please note: This sample only shows part of the Gap Assessment Tool

VERSION: 1   DATED: dd/mm/yyyy   APPROVAL: [Name of approver]

GDPR Gap Assessment Tool

Note: this gap assessment must be conducted with reference to a copy of the GDPR.

| CHAPTER/SECTION | ARTICLE | PARAGRAPH AND POINT | REQUIREMENTS | COMPLIANT? | ACTION REQUIRED TO ACHIEVE COMPLIANCE | ACTION OWNER |
|---|---|---|---|---|---|---|
| CHAPTER I: General Provisions | Article 1 - Subject-matter and objectives | All | None - informational only | | | |
| | Article 2 - Material scope | All | Has it been established that the GDPR applies to the personal data processing activities that the organisation undertakes? | Yes | | |
| | Article 3 - Territorial scope | All | Has it been established that the GDPR applies, based on the data subjects whose personal data we process? | Yes | | |
| | Article 4 - Definitions | All | None - informational only | | | |
| | Totals: | | | 2 | | |
| CHAPTER II: Principles | Article 5 - Principles relating to processing of personal data | 1a | Are personal data processed lawfully, fairly and transparently? | Yes | | |
| | | 1b | Are personal data collected for specified, explicit and legitimate purposes? | Yes | | |
| | | 1c | Are the personal data collected adequate, relevant and limited to what is necessary? | Yes | | |
| | | 1d | Are personal data accurate and, where necessary, kept up to date? | Yes | | |
| | | 1e | Are personal data kept for no longer than is necessary? | Yes | | |
| | | 1f | Are personal data processed in a manner that ensures its appropriate security? | Yes | | |
| | | 2 | As the controller, can we demonstrate compliance with all principles? | Yes | | |
| | Article 6 - Lawfulness of processing | 1 | Has the lawful basis for processing of all personal data been established? | Yes | | |
| | | 2 | None - informational only | | | |
| | | 3 | None - informational only | | | |
| | | 4 | For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria? | Yes | | |
| | Article 7 - Conditions for consent | 1 | Can consent be demonstrated in all cases? | Yes | | |
| | | 2 | Are all requests for consent clearly distinguishable? | Yes | | |
| | | 3 | Are facilities for consent withdrawal in place? | Yes | | |
| | | 4 | Is consent freely given in all cases? | Yes | | |
| | Article 8 - Conditions applicable to child's consent in relation to information society services | All | For children, has consent been given by the holder of parental responsibility in all cases? | Yes | | |
| | Article 9 - Processing of special categories of personal data | All | Is all processing of special categories of personal data clearly justified? | Yes | | |
| | Article 10 - Processing of personal data relating to criminal convictions and offences | All | None - informational only | | | |
| | Article 11 - Processing which does not require identification | All | Have processing cases where the data subject cannot be identified been defined? | Yes | | |
| | Totals: | | | 16 | | |


GDPR Gap Assessment dashboard

Gap assessment results

To refresh chart data, click on “Refresh All” on the Data ribbon.

| GDPR CHAPTER AND SECTION | REQS IN SECTION | REQS APPLICABLE | REQS MET | PERCENTAGE COMPLIANCE |
|---|---|---|---|---|
| CHAPTER I: General provisions | 2 | 2 | 2 | 100% |
| CHAPTER II: Principles | 16 | 16 | 16 | 100% |
| CHAPTER III: Section 1 - Transparency and modalities | 6 | 6 | 6 | 100% |
| CHAPTER III: Section 2 - Information and access to personal data | 12 | 12 | 12 | 100% |
| CHAPTER III: Section 3 - Rectification and erasure | 10 | 10 | 10 | 100% |
| CHAPTER III: Section 4 - Right to object and automated individual decision-making | 9 | 10 | 10 | 100% |
| CHAPTER III: Section 5 - Restrictions | 2 | 2 | 2 | 100% |
| CHAPTER IV: Section 1 - General obligations | 24 | 25 | 25 | 100% |
| CHAPTER IV: Section 2 - Security of personal data | 13 | 13 | 13 | 100% |
| CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation | 11 | 11 | 11 | 100% |
| CHAPTER IV: Section 4 - Data protection officer | 14 | 14 | 14 | 100% |
| CHAPTER V: Transfers of personal data | 9 | 9 | 9 | 100% |
| Total | 128 | 130 | 130 | 100% |

[Chart: Percentage Compliance to the GDPR Radar Chart. One axis per chapter/section listed in the table above, scaled 0% to 100%.]

[Chart: Level of Compliance to the GDPR. Bar chart of REQS MET against REQS APPLICABLE per chapter/section (scale 0 to 25), with Percentage Compliance to the GDPR shown per section.]