Please note: This page only shows a part of the complete Gap Assessment tool.
VERSION: 1
DATED: dd/mm/yyyy
APPROVAL: [Name of approver]

GDPR Gap Assessment Tool

Note: this gap assessment must be conducted with reference to a copy of the GDPR

| CHAPTER/SECTION | ARTICLE | PARAGRAPH AND POINT | REQUIREMENTS | COMPLIANT? | ACTION REQUIRED TO ACHIEVE COMPLIANCE | ACTION OWNER |
|---|---|---|---|---|---|---|
| CHAPTER I: General Provisions | Article 1 - Subject-matter and objectives | All | None - informational only | | | |
| | Article 2 - Material scope | All | Has it been established that the GDPR applies to the personal data processing activities that the organisation undertakes? | Yes | | |
| | Article 3 - Territorial scope | All | Has it been established that the GDPR applies, based on the data subjects whose personal data we process? | Yes | | |
| | Article 4 - Definitions | All | None - informational only | | | |
| | | | Totals: | | | |
| CHAPTER II: Principles | Article 5 - Principles relating to processing of personal data | 1a | Are personal data processed lawfully, fairly and transparently? | Yes | | |
| | | 1b | Are personal data collected for specified, explicit and legitimate purposes? | Yes | | |
| | | 1c | Are the personal data collected adequate, relevant and limited to what is necessary? | Yes | | |
| | | 1d | Are personal data accurate and, where necessary, kept up to date? | Yes | | |
| | | 1e | Are personal data kept for no longer than is necessary? | Yes | | |
| | | 1f | Are personal data processed in a manner that ensures its appropriate security? | Yes | | |
| | | 2 | As the controller, can we demonstrate compliance with all principles? | Yes | | |
| | Article 6 - Lawfulness of processing | 1 | Has the lawful basis for processing of all personal data been established? | Yes | | |
| | | 2 | None - informational only | | | |
| | | 3 | None - informational only | | | |
| | | 4 | For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria? | Yes | | |
| | Article 7 - Conditions for consent | 1 | Can consent be demonstrated in all cases? | Yes | | |
| | | 2 | Are all requests for consent clearly distinguishable? | Yes | | |
| | | 3 | Are facilities for consent withdrawal in place? | Yes | | |
| | | 4 | Is consent freely given in all cases? | Yes | | |
| | Article 8 - Conditions applicable to child's consent in relation to information society services | All | For children, has consent been given by the holder of parental responsibility in all cases? | Yes | | |
| | Article 9 - Processing of special categories of personal data | All | Is all processing of special categories of personal data clearly justified? | Yes | | |
| | Article 10 - Processing of personal data relating to criminal convictions and offences | All | None - informational only | | | |
| | Article 11 - Processing which does not require identification | All | Have processing cases where the data subject cannot be identified been defined? | Yes | | |
| | | | Totals: | 16 | | |

Gap assessment results

| GDPR CHAPTER AND SECTION | REQS IN SECTION | REQS MET | REQS APPLICABLE | PERCENTAGE CONFORMANT |
|---|---|---|---|---|
| CHAPTER I: General provisions | 2 | 2 | 2 | 100% |
| CHAPTER II: Principles | 16 | 16 | 16 | 100% |
| CHAPTER III: Section 1 - Transparency and modalities | 6 | 6 | 6 | 100% |
| CHAPTER III: Section 2 - Information and access to personal data | 12 | 12 | 12 | 100% |
| CHAPTER III: Section 3 - Rectification and erasure | 10 | 10 | 10 | 100% |
| CHAPTER III: Section 4 - Right to object and automated individual decision-making | 9 | 9 | 9 | 100% |
| CHAPTER III: Section 5 - Restrictions | 2 | 2 | 2 | 100% |
| CHAPTER IV: Section 1 - General obligations | 24 | 24 | 24 | 100% |
| CHAPTER IV: Section 2 - Security of personal data | 13 | 13 | 13 | 100% |
| CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation | 11 | 11 | 11 | 100% |
| CHAPTER IV: Section 4 - Data protection officer | 14 | 14 | 14 | 100% |
| CHAPTER V: Transfers of personal data | 9 | 9 | 9 | 100% |
| Totals | 128 | 128 | 128 | 100% |