[Note: to unprotect the worksheet, go to File then under Protect Workbook, click on the "Unprotect" link next to the worksheet you want to unlock. There is no password.]

GDPR Gap Assessment Tool

Version: 1

Dated: dd/mm/yy

Approval: [Name of approver]

Note: this gap assessment must be conducted with reference to a copy of the GDPR

| Chapter / Section / Article | Paragraph and Point | Requirements | Compliant? | Action required to achieve compliance | Action owner |
|---|---|---|---|---|---|
| CHAPTER I - General provisions | | | | | |
| Article 1 Subject-matter and objectives | All | None - informational only | | | |
| Article 2 Material scope | All | Has it been established that the GDPR applies to the personal data processing activities that the organisation undertakes? | Yes | | |
| Article 3 Territorial scope | All | Has it been established that the GDPR applies, based on the data subjects whose personal data we process? | Yes | | |
| Article 4 Definitions | All | None - informational only | | | |
| | | Total: | 2 | | |
| CHAPTER II - Principles | | | | | |
| Article 5 - Principles relating to processing of personal data | 1a | Are personal data processed lawfully, fairly and transparently? | Yes | | |
| | 1b | Are personal data collected for specified, explicit and legitimate purposes? | Yes | | |
| | 1c | Are the personal data collected adequate, relevant and limited to what is necessary? | Yes | | |
| | 1d | Are personal data accurate and, where necessary, kept up to date? | Yes | | |
| | 1e | Are personal data kept for no longer than is necessary? | Yes | | |
| | 1f | Are personal data processed in a manner that ensures their appropriate security? | Yes | | |
| | 2 | As the controller, can we demonstrate compliance with all principles? | Yes | | |
| Article 6 - Lawfulness of processing | 1 | Has the lawful basis for processing of all personal data been established? | Yes | | |
| | 2 | None - informational only | | | |
| | 3 | None - informational only | | | |
| | 4 | For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria? | Yes | | |
| Article 7 - Conditions for consent | 1 | Can consent be demonstrated in all cases? | Yes | | |
| | 2 | Are all requests for consent clearly distinguishable? | Yes | | |
| | 3 | Are facilities for consent withdrawal in place? | Yes | | |
| | 4 | Is consent freely given in all cases? | Yes | | |
| Article 8 - Conditions applicable to child's consent in relation to information society services | All | For children, has consent been given by the holder of parental responsibility in all cases? | Yes | | |
| Article 9 - Processing of special categories of personal data | All | Is all processing of special categories of personal data clearly justified? | Yes | | |
| Article 10 - Processing of personal data relating to criminal convictions and offences | All | None - informational only | | | |
| Article 11 - Processing which does not require identification | All | Have processing cases where the data subject cannot be identified been defined? | Yes | | |
| | | Total: | 16 | | |
| CHAPTER III - Rights of the data subject | | | | | |
| Section 1 - Transparency and modalities | | | | | |
| Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject | 1 | Is all information provided to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and in the required formats? | Yes | | |


Gap Assessment Results General Data Protection Regulation

| GDPR Chapter and Section | Number of requirements in section | Number of requirements applicable | Number of applicable requirements met | % Compliant |
|---|---|---|---|---|
| CHAPTER I - General provisions | 2 | 2 | 2 | 100% |
| CHAPTER II - Principles | 16 | 16 | 16 | 100% |
| CHAPTER III - Section 1 - Transparency and modalities | 6 | 6 | 6 | 100% |
| CHAPTER III - Section 2 - Information and access to personal data | 12 | 12 | 12 | 100% |
| CHAPTER III - Section 3 - Rectification and erasure | 10 | 10 | 10 | 100% |
| CHAPTER III - Section 4 - Right to object and automated individual decision-making | 9 | 9 | 9 | 100% |
| CHAPTER III - Section 5 - Restrictions | 2 | 2 | 2 | 100% |
| CHAPTER IV - Section 1 - General obligations | 24 | 24 | 24 | 100% |
| CHAPTER IV - Section 2 - Security of personal data | 13 | 13 | 13 | 100% |
| CHAPTER IV - Section 3 - Data protection impact assessment and prior consultation | 11 | 11 | 11 | 100% |
| CHAPTER IV - Section 4 - Data protection officer | 14 | 14 | 14 | 100% |
| CHAPTER V - Transfers of personal data | 9 | 9 | 9 | 100% |
| Totals | 128 | 128 | 128 | 100% |


[Chart: Level of Compliance to the GDPR. Vertical axis: Number of Requirements. Horizontal axis: GDPR Chapter/Section. Series: Number of requirements applicable; Number of applicable requirements met.]


[Chart: Percentage Compliance to the GDPR. Vertical axis: Percentage requirements met. Horizontal axis: GDPR Chapter/Section.]


[Chart: Percentage Compliance to the GDPR Radar Chart. One axis per GDPR chapter/section, from CHAPTER I - General provisions to CHAPTER V - Transfers of personal data, on a scale of 0% to 100%.]

Profile for CertiKit Limited

GDPR-FORM-01-3 GDPR Gap Assessment Tool  
