Our gap analysis and audit assurance tools are an efficient, effective and thorough way to find out how your organisation measures up, no matter where you are on the journey to compliance.


Our gap analysis services provide an assessment of your organisation's current level of compliance with data protection legislation and highlight any gaps in data compliance that need to be addressed.


This service provides a data audit and assurance piece. We take a logical and detailed look at the organisation as a whole, and at key systems, departments and policies, to fairly assess whether you are fully compliant with the relevant legislation and standards. These typically include the GDPR, the Data Protection Act 2018, the electronic communication regulations (ePR/PECR), ISO 27001, and other information security standards.


From this assessment, we produce a risk register and gap analysis report which explains where the areas of non-compliance are. This analysis is scaled and marks whether you are meeting the best practice standards. The tool we use will determine whether you are non-compliant and running at high risk to data subjects, or data compliant and running at a low risk.


This report enables us to work with you to identify practical, cost-effective solutions, to ensure that you are able to get on the road to compliance, and eventually so that you are fully capitalising on the data that you hold.


Stage 1: Offsite Review


To ensure that DPAS fully understand the business processing and various key areas that are affected heavily by the relevant legislation and standards, our project team will spend at least a day offsite familiarising itself with the internal structure of your organisation and the current policies and procedures you have for dealing with data.


DPAS will provide the organisation with a simple GDPR audit questionnaire that should be completed by the Data Protection Project Manager or DPO in advance of this stage. We use the ICO’s 12 steps to compliance as a starting point to assess whether you are meeting, as a minimum, the requirements set out by the regulator. This GDPR auditing questionnaire is essential for us to be able to hit the ground running when we move into Stage 2, onsite, and to fully appreciate the current status of your organisation. It enables us to make sure that when we come onsite, we have the right people with us with the right specialisms for your business.


Stage 2: Meeting the Key Stakeholders and In-depth Review


GDPR requires top-down awareness and engagement from businesses. DPAS will come in and meet the relevant stakeholders in your business and find out how DP is really operating in practice. We encourage an ‘amnesty’ culture during our time onsite so as to ensure that your employees aren’t worried about repercussions from telling us how the business looks after data. This culture means that we can give you an accurate report on where your risks are and develop practical solutions that address any gaps in compliance.


This work can take place through one-to-one meetings, team meetings, anonymous surveys, spot-checks and more. We adapt our approach based on your business.


DPAS will also check and thoroughly assess the policies, procedures and processes that your organisation has implemented. These include the record of processing activity, privacy notices, individual rights processes, data protection impact assessment procedures, data breach policies, BYOD policies etc. This is often the most significant area of work, as there can be confusion about what policies an organisation has, differences in labels/policy titles etc., and so our team work carefully here to ensure that there is no miscommunication.

Stage 3: Reporting

After completing the assurance and assessments and verifying checks, we will be able to put together a risk register and provide recommendations to mitigate those risks.

We have understandable, quantifiable reporting tools. This means we can give you status updates if you use DPAS to help you implement the solutions that we suggest for gaps in compliance. These reports can be paper-based, snapshot visuals, in person, or a combination of the above.



One of the biggest changes introduced under GDPR is that organisations must be able to demonstrate accountability to the law. This is difficult, and most organisations are struggling with how to do this. By using DPAS’s assurance and gap analysis services, your organisation can:

  • Have an accurate understanding of its compliance status;

  • Record and react appropriately to its risk areas;

  • Provide assurance to its partners and other third parties it shares data with;

  • Be confident that it is being advised by an experienced, approachable and adaptable team;

  • Be confident that the work done pre-May 2018 was of a high enough quality and has been implemented;

  • Ensure that staff understand their obligations and know what to do when there is a data issue in the organisation.


Contact us and find out how our Data Protection services can benefit your company. Before filling in the form please ensure you have read and understood our privacy notice.


10 Oaktree Place, Marsh Barton, Exeter,

Devon EX2 8WA


01392 914019


©2019 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED



0203 3013384



Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative or definitive statement of the law.