{' '} {' '}
Limited time offer
SAVE % on your upgrade.

Page 1

Please note: This page only shows a part of the complete Gap Assessment tool.

VERSION: DATED: APPROVAL:

GDPR Gap Assessment Tool Note: this gap assessment must be conducted with reference to a copy of the GDPR CHAPTER/SECTION

ARTICLE

PARAGRAPH AND POINT REQUIREMENTS

CHAPTER I: General Provisions

Article 1 - Subject-matter and objectives

All

None - informational only

Article 2 - Material scope

All

Article 3 - Territorial scope

All

Article 4 - Definitions

All

Has it been established that the GDPR applies to the personal data processing activities that the organisation undertakes? Has it been established that the GDPR applies, based on the data subjects whose personal data we process? None - informational only

Article 5 - Principles relating to processing of personal data

1a

COMPLIANT? ACTION REQUIRED TO ACHIEVE COMPLIANCE

Totals:

CHAPTER II: Principles

Are the personal data collected adequate, relevant and limited to what is necessary?

Yes

1d

Are personal data is accurate and, where necessary, kept up to date? Are personal data kept for no longer than is necessary? Are personal data processed in a manner that ensures its appropriate security? As the controller, can we demonstrate compliance with all principles? Has the lawful basis for processing of all personal data been established? None - informational only None - informational only For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria? Can consent be demonstrated in all cases?

Yes

Are all requests for consent clearly distinguishable? Are facilities for consent withdrawal in place? Is consent freely given in all cases? For children, has consent been given by the holder of parental responsibility in all cases?

Yes

Is all processing of special categories of personal data clearly justified? None - informational only

Yes

Have processing cases where the data subject cannot be identified, been defined?

Yes

2 1 2 3 4

1 2 3

Article 8 - Conditions applicable to child's consent in relation to information society services Article 9 - Processing of special categories of personal data Article 10 - Processing of personal data relating to criminal convictions and offences Article 11 - Processing which does not require identification

2

1c

1f

Article 7 - Conditions for consent

Yes

Yes

1e

Article 6 - Lawfulness of processing

Yes

Are personal data processed lawfully, fairly and transparently? Are personal data collected for specified, explicit and legitimate purposes?

1b

4 All

All All

All

1 dd/mm/yyyy [Name of approver]

Totals:

Yes

Yes Yes Yes Yes

Yes

Yes

Yes Yes Yes

16

ACTION OWNER


Gap assessment results GDPR CHAPTER AND SECTION

REQS IN SECTION

CHAPTER I: General provisions CHAPTER II: Principles CHAPTER III: Section 1 - Transparency and modalities CHAPTER III: Section 2 - Information and access to personal data CHAPTER III: Section 3 - Rectification and erasure CHAPTER III: Section 4 - Right to object and automated individual decision-making CHAPTER III: Section 5 - Restrictions CHAPTER IV: Section 1 - General obligations CHAPTER IV: Section 2 - Security of personal data CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation CHAPTER IV: Section 4 - Data protection officer CHAPTER V: Transfers of personal data Totals

REQS REQS MET APPLICABLE

PERCENTAGE CONFORMANT

2 16 6 12 10 9 2 24 13 11 14 9

2 16 6 12 10 9 2 24 13 11 14 9

2 16 6 12 10 9 2 24 13 11 14 9

100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%

128

128

128

100%


Profile for CertiKit Limited

GDPR-FORM-01-3 GDPR Gap Assessment Tool  

GDPR-FORM-01-3 GDPR Gap Assessment Tool  

Profile for public-it