[Note: to unprotect the worksheet, go to File then under Protect Workbook, click on the "Unprotect" link next to the worksheet you want to unlock. There is no password.]
Version:
1
Dated:
GDPR Gap Assessment Tool
dd/mm/yy [Name of approver]
Approval:
Note: this gap assessment must be conducted with reference to a copy of the GDPR
Chapter
Section
Article
Paragraph Requirements and Point
Compliant?
CHAPTER I - General provisions Article 1 Subject-matter and objectives Article 2 Material scope
All All
Article 3 Territorial scope
All
Article 4 Definitions
All
None - informational only Has it been established that the GDPR applies to the personal data processing activities that the organisation undertakes? Has it been established that the GDPR applies, based on the data subjects whose personal data we process? None - informational only Total:
Yes Yes
2
CHAPTER II - Principles Article 5 - Principles relating to processing of personal data
1a
Are personal data processed lawfully, fairly and transparently?
Yes
1b
Are personal data collected for specified, explicit and legitimate purposes? Are the personal data collected adequate, relevant and limited to what is necessary? Are personal data is accurate and, where necessary, kept up to date? Are personal data kept for no longer than is necessary?
Yes
1f
Are personal data processed in a manner that ensures its appropriate security?
Yes
2
As the controller, can we demonstrate compliance with all principles? Has the lawful basis for processing of all personal data been established?
Yes
1c 1d 1e
Article 6 - Lawfulness of processing
Article 7 - Conditions for consent
Article 8 - Conditions applicable to child's consent in relation to information society services Article 9 - Processing of special categories of personal data Article 10 - Processing of personal data relating to criminal convictions and offences Article 11 - Processing which does not require identification
1
Yes Yes Yes
Yes
2
None - informational only
3
None - informational only
4
For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria?
Yes
Can consent be demonstrated in all cases? Are all requests for consent clearly distinguishable? Are facilities for consent withdrawal in place? Is consent freely given in all cases? For children, has consent been given by the holder of parental responsibility in all cases? Is all processing of special categories of personal data clearly justified? None - informational only
Yes Yes Yes Yes Yes
Have processing cases where the data subject cannot be identified, been defined?
Yes
1 2 3 4 All All All All
Total:
Yes
16
CHAPTER III - Rights of the data subject Section 1 - Transparency and modalities Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject
1
Is all information provided to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and in the required formats?
Yes
Action required to achieve compliance
Action owner
Gap Assessment Results General Data Protection Regulation
GDPR Chapter and Section
CHAPTER I - General provisions CHAPTER II - Principles CHAPTER III - Section 1 - Transparency and modalities CHAPTER III - Section 2 - Information and access to personal data CHAPTER III - Section 3 - Rectification and erasure CHAPTER III - Section 4 - Right to object and automated individual decision-making CHAPTER III - Section 5 - Restrictions CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 2 - Security of personal data CHAPTER IV - Section 3 - Data protection impact assessment and prior consultation CHAPTER IV - Section 4 - Data protection officer CHAPTER V - Transfers of personal data Totals
Number of requirements in section
Number of requirements applicable
2 16 6 12 10 9 2 24 13 11 14 9 128
2 16 6 12 10 9 2 24 13 11 14 9 128
Number of % Compliant applicable requirements met
2 16 6 12 10 9 2 24 13 11 14 9 128
100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%
Level of Compliance to the GDPR
Number of Requirements
30
25
20
15
10
5
0
GDPR Chapter/Section
Number of requirements applicable Number of applicable requirements met
Percentage Compliance to the GDPR
100%
Percentage requirements met
90% 80% 70%
60% 50%
40% 30% 20%
10% 0%
GDPR Chapter/Section
Percentage Compliance to the GDPR Radar Chart
CHAPTER I - General provisions 100%
CHAPTER V - Transfers of personal data
90%
CHAPTER II - Principles
80% 70%
CHAPTER IV - Section 4 - Data protection officer
60%
50%
CHAPTER III - Section 1 - Transparency and modalities
40% 30% 20% CHAPTER IV - Section 3 - Data protection impact assessment and prior consultation
10% 0%
CHAPTER IV - Section 2 - Security of personal data
CHAPTER III - Section 2 - Information and access to personal data
CHAPTER III - Section 3 - Rectification and erasure
CHAPTER IV - Section 1 - General obligations
CHAPTER III - Section 4 - Right to object and automated individual decision-making CHAPTER III - Section 5 - Restrictions