GDPR gap analysis

Check for gaps in GDPR compliance in your company's processes.




Most of the clients who have ever applied to the Data Privacy Office have been collecting and processing personal data for a long time, but they have not paid due attention to privacy legislation. Therefore, before starting the implementation of GDPR, we always recommend performing a GDPR Gap Analysis.

When a company works "not according to the rules", a large number of errors accumulate, and some of them become systemic; fixing a few lines in documents will not help. Before starting full-fledged work on GDPR compliance, you should learn about all the errors and shortcomings in the company's systems. This will allow you to draw up a specific action plan and calculate the necessary financial and time resources.

Our consultants have extensive experience in the field of data privacy and know all the common mistakes that companies make. This allows you to quickly detect all violations of the law and begin eliminating the shortcomings as soon as possible. By ordering a Gap Analysis, you will find out all the errors in your system and get a work plan, adapted to you, for implementing the GDPR and other regulations.


Siarhei Varankevich CIPP/E, CIPM, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). He started working with the draft version of the GDPR in 2015 in Munich and defended his MBA thesis on the Regulation in Bremen in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei has delivered hundreds of consultations on GDPR issues to companies around the world. He has helped implement the GDPR program as an external project manager in over 50 companies.

Elena Sebyakina CIPP/E, Privacy by design
Data Protection Officer, GDPR Consultant
Since 2014, Elena has specialized in privacy. Until June 2020 she was Global DPO at an international IT company, where she implemented GDPR processes and principles in all main processes of the group. Under Elena's supervision, a web portal for collecting electronic consents and processing DSRs was developed, as well as the process for handling personal data breaches.
Maria Arnst CIPM, TÜV, Strategic Privacy by Design, DPP
Data Protection Officer, GDPR Consultant, Privacy researcher
Certified Information Privacy Manager and member of the International Association of Privacy Professionals, with experience as a Data Protection Officer for European companies, including those focused on privacy and data security. Certified as a Data Protection Officer by TÜV (Germany's leading, and one of the world's leading, independent testing and certification service groups) and trained in Strategic Privacy by Design.

What does the service include?

With Gap Analysis, we find gaps in compliance with regulations (GDPR, ePrivacy, etc.) and determine the risks arising from these violations. Next, we create a list of necessary work and measures (GDPR project scope) and help the company prioritize them based on efficiency, resources for implementation and support, the size of fines and the likelihood of consequences.


What will we check?


1. General IT management, data protection and security issues

2. IT risk assessment and DPIA process

3. Problems with the data subject

4. Rights of data subjects

5. The data subject consent process

6. The process of informing stakeholders

7. Mapping of personal data processing and data protection

8. Data protection officer data

9. Register 

10. Information Security Management System (ISMS) GDPR

11. Processing of personal data by a third party



Work plan

Requirements and articles
We will determine which requirements and norms apply to the company and which do not.
Analyze the risks
We will analyze the risks to the company, as well as the necessary resources to comply with the GDPR.
Actions and Measures
We will create a checklist of actions and measures to comply with the requirements of the Regulations.
Work plan
We will create a detailed work plan to get the company in compliance with the Regulations.

As a result, you will get

A list of errors and gaps in working on data privacy.

A roadmap for further actions to address the gaps.

Checklists for checking individual actions.

Consultation on the implementation of Privacy by Design in the company's products.

Recommendations for choosing GDPR training for personnel and management.

