GDPR gap analysis

Check for gaps in GDPR compliance in your company's processes.


Most of the clients who have ever applied to the Data Privacy Office have been collecting and processing personal data for a long time, but they didn't pay due attention to the privacy legislation. Therefore, before starting the implementation of GDPR, we always recommend make a GDPR Gap Analysis.

During the work "not according to the rules", a large number of errors accumulate, some of which become systemic, and just fixing a few lines of documents will not help -- it does not work that way. Before starting full-fledged work on GDPR compliance, you should learn about all the errors and shortcomings in the company's systems. This will allow you to make a specific action plan, calculate the necessary financial and time resources.

Our consultants have extensive experience in the field of data privacy and know all the common mistakes that companies make. This will allow you to quickly detect all violations of the law and as soon as possible to begin to eliminate the shortcomings. By ordering Gap Analysis, you will find out all the errors in your system and get a work plan adapted to you for the implementation of GDPR and other regulations.


Siarhei Varankevich CIPP/E, CIPM, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

In LinkedIn
Elena Sebjakina CIPP/E, Privacy by design
Data Protection Officer, GDPR Consultant
Since 2014, Elena has specialized in personal data, until June 2020 she worked as a Global DPO in an international IT company and implemented GDPR processes in a group of companies. Introduced the principles of GDPR in all areas of the holding. Under the leadership of Elena, a web portal was created to collect electronic consents and process requests from personal data subjects; the process of processing personal data of Breach cases.
Maria Arnst CIPM, TÜV, Strategic Privacy by Design, DPP
Data Protection Officer, GDPR Consultant, Privacy researcher
Certified Information Privacy Manager, member of International Association of Privacy Professionals with experience of being a Data Protection Officer for European companies, including those focused on privacy and data security. Certified as Data Protection Officer by TÜV (Germany's leading and one of the world's leading independent testing and certification services group), trained in Strategic Privacy by Design.

With Gap Analysis, we find gaps in compliance with regulations (GDPR, ePrivacy, etc.), and also determine the risks arising from these violations. Next, we create a list of necessary works and measures (GDPR project scope) and help the company prioritize them based on efficiency, resources for implementation and support, the size of fines and the likelihood of consequences.


dpo  What will we check?


  1. General it management, data protection and security issues
  2. It risk assessment and DPIA process
  3. Problems with the data subject
  4. Rights of data subjects
  5. The process the consent of the data subject
  6. The process of informing stakeholders.
  7. Mapping of personal data processing and data protection
  8. Data protection officer data
  9. Register 
  10. Information security management System (ISMS) GDPR
  11. Processing of personal data by a third party



Work plan

Requirements and articles
We will determine which requirements and norms apply to the company and which do not.
Analyze the risks
We will analyze the risks to the company, as well as the necessary resources to comply with the GDPR.
Actions and Measures
We will create a checklist of actions and measures to comply with the requirements of the Regulations.
Work plan
We will create a detailed work plan to get the company in compliance with the Regulations.

As a result, you will get

Пакеты услуг A list of errors and gaps in working on data privacy.


Обучение  A roadmap for further actions to address the gaps.


Аудит  Checklists for checking individual actions.


DPO Club   Consultation on the implementation of Privacy by Design in the company's products.


Консультации по GDPR   Recommendations for choosing GDPR training for personnel and management.


    The course is loading, wait a few seconds