GDPR-FORM-01-3 GDPR Gap Assessment Tool

Page 1

Please

GDPRGapAssessmentTool

Note:thisgapassessmentmustbeconductedwithreferencetoacopyoftheGDPR

CHAPTERI:GeneralProvisions Article1 Subject-matterand objectives All None informationalonly

Article2 Materialscope All HasitbeenestablishedthattheGDPR appliestothepersonaldataprocessing activitiesthattheorganisation undertakes?

Article3 Territorialscope All HasitbeenestablishedthattheGDPR applies,basedonthedatasubjectswhose personaldataweprocess?

Article4 Definitions All None informationalonly

CHAPTERII:Principles Article5 Principlesrelatingto processingofpersonaldata

Yes

Yes

VERSION: DATED: APPROVAL:

1 dd/mm/yyyy [Nameofapprover]

Totals: 2

1a Arepersonaldataprocessedlawfully, fairlyandtransparently? Yes

1b Arepersonaldatacollectedforspecified, explicitandlegitimatepurposes? Yes

1c Arethepersonaldatacollectedadequate, relevantandlimitedtowhatisnecessary? Yes

1d Arepersonaldataisaccurateand,where necessary,keptuptodate? Yes

1e Arepersonaldatakeptfornolongerthan isnecessary? Yes

1f Arepersonaldataprocessedinamanner thatensuresitsappropriatesecurity? Yes

2 Asthecontroller,canwedemonstrate compliancewithallprinciples? Yes

Article6 Lawfulnessof processing 1 Hasthelawfulbasisforprocessingofall personaldatabeenestablished? Yes

2 None informationalonly

3 None informationalonly

4 Foradditionalprocessing,has compatibilitywiththeinitialpurpose beenestablishedincompliancewiththe requiredcriteria?

Yes

Article7 Conditionsfor consent 1 Canconsentbedemonstratedinallcases? Yes

2 Areallrequestsforconsentclearly distinguishable? Yes

3 Arefacilitiesforconsentwithdrawalin place? Yes

4 Isconsentfreelygiveninallcases? Yes

Article8 Conditionsapplicable tochild'sconsentinrelationto informationsocietyservices

All Forchildren,hasconsentbeengivenby theholderofparentalresponsibilityinall cases?

Yes

Article9 Processingofspecial categoriesofpersonaldata All Isallprocessingofspecialcategoriesof personaldataclearlyjustified? Yes

Article10-Processingof personaldatarelatingto criminalconvictionsand offences

All None informationalonly

Article11-Processingwhich doesnotrequireidentification All Haveprocessingcaseswherethedata subjectcannotbeidentified,been defined?

Yes

Totals: 16

note: This sample shows only a section of the complete Gap Assessment tool.
CHAPTER/SECTION ARTICLE PARAGRAPHANDPOINT REQUIREMENTS COMPLIANT? ACTIONREQUIREDTOACHIEVECOMPLIANCE ACTIONOWNER

GDPRGapAssessmentdashboard

CHAPTERI:Generalprovisions

CHAPTERV:Transfers ofpersonaldata

CHAPTERIV:Section4 Dataprotection officer

CHAPTERIV:Section3 Dataprotection impactassessmentandprior consultation

CHAPTERIV:Section2- Security of personaldata

CHAPTERII:Principles

CHAPTERIII:Section1 Transparency andmodalities

CHAPTERIII:Section2- Informationand accesstopersonaldata

CHAPTERIII:Section3 Rectification and erasure

CHAPTERI:Generalprovisions

CHAPTERII:Principles

CHAPTERIII:Section1- Transparencyandmodalities

CHAPTERIII:Section2- Informationandaccess topersonal data

CHAPTERIII:Section3- Rectification anderasure

CHAPTERIII:Section4- Righttoobjectandautomatedindividualdecision-making

CHAPTERIII:Section5- Restrictions

CHAPTERIV:Section1 General obligations

CHAPTERIV:Section2 Security ofpersonaldata

CHAPTERIV:Section3- Dataprotectionimpactassessmentandpriorconsultation

CHAPTERIV:Section4- Dataprotectionofficer

CHAPTERIV:Section1 General obligations

CHAPTERIII:Section4- Righttoobject andautomatedindividual decisionmaking

CHAPTERIII:Section5 Restrictions

results Torefreshchartdata,clickon“RefreshAll”ontheDataribbon. GDPRCHAPTERANDSECTION REQSINSECTION REQSAPPLICABLE REQSMET PERCENTAGE COMPLIANCE PercentageCompliancetotheGDPRRadarChart CHAPTERI:Generalprovisions 2 2 2 100% CHAPTERII:Principles 16 16 16 100% CHAPTERIII:Section1-Transparencyandmodalities 6 6 6 100% CHAPTERIII:Section2-Informationandaccesstopersonaldata 12 12 12 100% CHAPTERIII:Section3-Rectificationanderasure 10 10 10 100% CHAPTERIII:Section4-Righttoobjectandautomatedindividualdecision-making 9 10 10 100% CHAPTERIII:Section5-Restrictions 2 2 2 100% CHAPTERIV:Section1-Generalobligations 24 25 25 100% CHAPTERIV:Section2-Securityofpersonaldata 13 13 13 100% CHAPTERIV:Section3-Dataprotectionimpactassessmentandpriorconsultation 11 11 11 100% CHAPTERIV:Section4-Dataprotectionofficer 14 14 14 100% CHAPTERV:Transfersofpersonaldata 9 9 9 100% Total 128 130 130 100% LevelofCompliancetotheGDPR PercentageCompliancetotheGDPR 9 14 11 13 25 2 10 10 12 6 16 2 9 14 11 13 25 2 10 10 12 6 16 2
Gapassessment
CHAPTERV:Transfers ofpersonaldata
0 5 10 15 20 25 REQS MET REQS APPLICABLE 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.