Please note: This sample only shows part of the Gap Assessment Tool
VERSION: DATED: APPROVAL:
UK GDPR Gap Assessment Tool Note: this gap assessment must be conducted with reference to a copy of the UK GDPR CHAPTER/SECTION
ARTICLE
CHAPTER I: General Provisions
Article 1 - Subject-matter and objectives Article 2 - Material scope
PARAGRAPH AND POINT REQUIREMENTS All
None - informational only
All
Article 3 - Territorial scope
All
Article 4 - Definitions
All
Has it been established that the UK GDPR applies to the personal data processing activities that the organisation undertakes? Has it been established that the UK GDPR applies, based on the data subjects whose personal data we process? None - informational only
Article 5 - Principles relating to processing of personal data
1a
COMPLIANT? ACTION REQUIRED TO ACHIEVE COMPLIANCE
Totals:
CHAPTER II: Principles
Are the personal data collected adequate, relevant and limited to what is necessary?
Yes
1d
Are personal data is accurate and, where necessary, kept up to date? Are personal data kept for no longer than is necessary? Are personal data processed in a manner that ensures its appropriate security? As the controller, can we demonstrate compliance with all principles? Has the lawful basis for processing of all personal data been established? [Not included in UK GDPR] None - informational only For additional processing, has compatibility with the initial purpose been established in compliance with the required criteria? Can consent be demonstrated in all cases?
Yes
Are all requests for consent clearly distinguishable? Are facilities for consent withdrawal in place? Is consent freely given in all cases? For children, has consent been given by the holder of parental responsibility in all cases?
Yes
Is all processing of special categories of personal data clearly justified? None - informational only
Yes
Have processing cases where the data subject cannot be identified, been defined?
Yes
2 1 2 3 4
1 2 3
Article 8 - Conditions applicable to child's consent in relation to information society services Article 9 - Processing of special categories of personal data Article 10 - Processing of personal data relating to criminal convictions and offences Article 11 - Processing which does not require identification
2
1c
1f
Article 7 - Conditions for consent
Yes
Yes
1e
Article 6 - Lawfulness of processing
Yes
Are personal data processed lawfully, fairly and transparently? Are personal data collected for specified, explicit and legitimate purposes?
1b
4 All
All All
All
1 dd/mm/yyyy [Name of approver]
Totals:
Yes
Yes Yes Yes Yes
Yes
Yes
Yes Yes Yes
16
ACTION OWNER
UK GDPR Gap Assessment Dashboard Gap assessment results
To refresh chart data, click on “Refresh All” on the Data ribbon.
UK GDPR CHAPTER AND SECTION
REQS IN SECTION REQS APPLICABLE REQS MET
CHAPTER I: General provisions CHAPTER II: Principles CHAPTER III: Section 1 - Transparency and modalities CHAPTER III: Section 2 - Information and access to personal data CHAPTER III: Section 3 - Rectification and erasure CHAPTER III: Section 4 - Right to object and automated individual decision-making CHAPTER III: Section 5 - Restrictions CHAPTER IV: Section 1 - General obligations CHAPTER IV: Section 2 - Security of personal data CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation CHAPTER IV: Section 4 - Data protection officer CHAPTER V: Transfers of personal data Total
2 16 6 12 10 9 2 23 13 11 14 9 128
2 16 6 12 10 10 2 23 13 11 14 9 128
PERCENTAGE COMPLIANCE
2 16 6 12 10 10 2 23 13 11 14 9 128
Percentage Compliance to the UK GDPR Radar Chart
100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%
CHAPTER V: Transfers of personal data
CHAPTER IV: Section 4 - Data protection officer
CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation
CHAPTER I: General provisions 100% CHAPTER II: Principles 90% 80% 70% 60% CHAPTER III: Section 1 - Transparency 50% and modalities 40% 30% 20% 10% CHAPTER III: Section 2 - Information and 0% access to personal data
Level of Compliance to the UK GDPR REQS MET
CHAPTER IV: Section 2 - Security of personal data
REQS APPLICABLE
CHAPTER III: Section 3 - Rectification and erasure CHAPTER III: Section 4 - Right to object and automated individual decisionmaking CHAPTER III: Section 5 - Restrictions
2
CHAPTER IV: Section 1 - General obligations
CHAPTER I: General provisions 2
16 CHAPTER II: Principles 16
6 CHAPTER III: Section 1 - Transparency and modalities 6
Percentage Compliance to the UK GDPR 12
CHAPTER III: Section 2 - Information and access to personal data 12
100%
100%
10 CHAPTER III: Section 3 - Rectification and erasure
90%
10
80%
11 CHAPTER III: Section 4 - Right to object and automated individual decision-making
70% 11
60%
2
50%
CHAPTER III: Section 5 - Restrictions 2
40% 24
30%
24
20%
CHAPTER IV: Section 1 - General obligations
10%
13
CHAPTER IV: Section 2 - Security of personal data
0%
13 11
CHAPTER IV: Section 3 - Data protection impact assessment and prior consultation 11 14
CHAPTER IV: Section 4 - Data protection officer 14 9
CHAPTER V: Transfers of personal data 9 0
5
10
15
20
25
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%