Page 1

Security Classification: Version: Dated:

GDPR Gap Assessment Tool

[Insert classification] 1 dd/mm/yy [Name of approver]

Approval:

Note: this gap assessment must be conducted with reference to a copy of the GDPR

Chapter

Section

Article

Paragraph Requirements and Point

Compliant?

CHAPTER I - General provisions Article 1 Subject-matter and objectives Article 2 Material scope

All All

Article 3 Territorial scope

All

Article 4 Definitions

All

None - informational only Has it been established that the GDPR applies to the personal data processing activities that the organization undertakes? Has it been established that the GDPR applies, based on the data subjects whose personal data we process? None - informational only Total:

Yes Yes

2

CHAPTER II - Principles Article 5 - Principles relating to processing of personal data

1a

Are personal data processed lawfully, fairly and transparently?

Yes

1b

Are personal data collected for specified, explicit and legitimate purposes? Are the personal data collected adequate, relevant and limited to what is necessary? Are personal data is accurate and, where necessary, kept up to date? Are personal data kept for no longer than is necessary?

Yes

1f

Are personal data processed in a manner that ensures its appropriate security?

Yes

2

As the controller, can we demonstrate compliance with all principles? Has the lawful basis for processing of all personal data been established?

Yes

1c 1d 1e

Article 6 - Lawfulness of processing

Article 7 - Conditions for consent

1

Yes Yes Yes

Yes

2

None - informational only

3

None - informational only

4

For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria?

Yes

1 2 3 4

Can consent be demonstrated in all cases? Are all requests for consent clearly distinguishable? Are facilities for consent withdrawal in place? Is consent freely given in all cases?

Yes Yes Yes Yes

Action required to achieve compliance

Action owner


Gap Assessment Results General Data Protection Regulation

GDPR Chapter and Section

CHAPTER I - General provisions CHAPTER II - Principles CHAPTER III - Section 1 - Transparency and modalities CHAPTER III - Section 2 - Information and access to personal data CHAPTER III - Section 3 - Rectification and erasure CHAPTER III - Section 4 - Right to object and automated individual decision-making CHAPTER III - Section 5 - Restrictions CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 2 - Security of personal data CHAPTER IV - Section 3 - Data protection impact assessment and prior consultation CHAPTER IV - Section 4 - Data protection officer CHAPTER V - Transfers of personal data Totals

Number of requirements in section

Number of requirements applicable

2 16 6 12 10 9 2 24 13 11 14 9 128

2 16 6 12 10 9 2 24 13 11 14 9 128

Number of % Compliant applicable requirements met

2 16 6 12 10 9 2 24 13 11 14 9 128

100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%


Percentage Compliance to the GDPR 100%

Percentage requirements met

90% 80% 70% 60% 50% 40% 30% 20% 10% 0%

GDPR Chapter/Section


Gdpr form 10 gdpr gap assessment tool  
Gdpr form 10 gdpr gap assessment tool